. [ 31.590693] audit: type=1800 audit(1569429154.264:34): pid=6814 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 [ 31.721432] random: sshd: uninitialized urandom read (32 bytes read) [ 31.979636] audit: type=1400 audit(1569429154.674:35): avc: denied { map } for pid=6984 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 32.031162] random: sshd: uninitialized urandom read (32 bytes read) [ 32.676398] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts. syzkaller login: [ 38.207704] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/25 16:32:41 fuzzer started [ 38.404415] audit: type=1400 audit(1569429161.104:36): avc: denied { map } for pid=6994 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.298085] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/25 16:32:42 dialing manager at 10.128.0.105:37791 2019/09/25 16:32:42 syscalls: 2472 2019/09/25 16:32:42 code coverage: enabled 2019/09/25 16:32:42 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/25 16:32:42 extra coverage: extra coverage is not supported by the kernel 2019/09/25 16:32:42 setuid sandbox: enabled 2019/09/25 16:32:42 namespace sandbox: enabled 2019/09/25 16:32:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/25 16:32:42 fault injection: enabled 2019/09/25 16:32:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/25 16:32:42 net packet injection: enabled 2019/09/25 16:32:42 net device setup: enabled [ 41.387085] random: crng init done 16:34:11 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 16:34:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x2c, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) [ 128.290232] audit: type=1400 audit(1569429250.984:37): avc: denied { map } for pid=6994 comm="syz-fuzzer" path="/root/syzkaller-shm553827269" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 16:34:11 executing program 2: r0 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair(0x14, 0x0, 0x0, &(0x7f0000000900)) 16:34:11 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCDELDLCI(r0, 0x8981, 0x0) 16:34:11 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvfrom$inet(r0, 0x0, 0x0, 0x147, 0x0, 0x0) 16:34:11 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000000100)=""/41, 0x2) close(r0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000), 0x43578cf5) splice(r0, 0x0, r1, 0x0, 0x200, 0x0) [ 128.316977] audit: type=1400 audit(1569429250.994:38): avc: denied { map } for pid=7012 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13818 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 128.561107] IPVS: ftp: loaded support on port[0] = 21 [ 129.330711] IPVS: ftp: loaded support on port[0] = 21 [ 129.387389] chnl_net:caif_netlink_parms(): no params data found [ 129.431047] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.437560] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.444773] device bridge_slave_0 entered promiscuous mode [ 129.452701] IPVS: ftp: loaded support on port[0] = 21 [ 129.464230] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.471169] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.478291] device bridge_slave_1 entered promiscuous mode [ 129.512007] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.545186] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.572429] chnl_net:caif_netlink_parms(): no params data found [ 129.594623] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 129.602503] team0: Port device team_slave_0 added [ 129.613649] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 129.620906] team0: Port device team_slave_1 added [ 129.628237] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 129.641260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 129.691954] IPVS: ftp: loaded support on port[0] = 21 [ 129.713081] device hsr_slave_0 entered promiscuous mode [ 129.770489] device hsr_slave_1 entered promiscuous mode [ 129.845467] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 129.853079] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 129.865723] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.872499] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.879567] device bridge_slave_0 entered promiscuous mode [ 129.886911] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.893367] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.900506] device bridge_slave_1 entered promiscuous mode [ 129.967951] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.976924] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.983452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.990458] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.996808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.013410] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.034049] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.041959] team0: Port device team_slave_0 added [ 130.049402] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.058206] team0: Port device team_slave_1 added [ 130.063412] chnl_net:caif_netlink_parms(): no params data found [ 130.083933] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.091562] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 130.172488] device hsr_slave_0 entered promiscuous mode [ 130.210469] device hsr_slave_1 entered promiscuous mode [ 130.257079] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.263888] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.271095] device bridge_slave_0 entered promiscuous mode [ 130.278049] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.284924] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.292247] device bridge_slave_1 entered promiscuous mode [ 130.298399] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 130.319474] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 130.330435] IPVS: ftp: loaded support on port[0] = 21 [ 130.346352] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 130.356085] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.389006] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.396754] team0: Port device team_slave_0 added [ 130.404413] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.411848] team0: Port device team_slave_1 added [ 130.421151] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.438724] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.459632] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.468972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 130.480102] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 130.518766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.574134] device hsr_slave_0 entered promiscuous mode [ 130.610424] device hsr_slave_1 entered promiscuous mode [ 130.652766] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 130.659881] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 130.669046] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 130.675781] chnl_net:caif_netlink_parms(): no params data found [ 130.718019] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 130.727322] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 130.733671] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.753465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.761361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.775717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.786061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 130.793684] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 130.795308] IPVS: ftp: loaded support on port[0] = 21 [ 130.800156] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.813001] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.820076] device bridge_slave_0 entered promiscuous mode [ 130.827383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 130.843143] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 130.852360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.861957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.869838] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.876324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.883328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.890328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.897237] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.904916] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.911977] device bridge_slave_1 entered promiscuous mode [ 130.926724] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 130.933251] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.943496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 130.953649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 130.993732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.001824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.009721] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.016150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.023006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.031251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.038762] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.045170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.052156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 131.064711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 131.093885] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 131.103884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 131.115792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.123942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.131814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.139549] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.145955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.154613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 131.170995] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 131.195459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 131.202814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.211056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.219461] chnl_net:caif_netlink_parms(): no params data found [ 131.249074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 131.258189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 131.275024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.285059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.293109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.302717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 131.309889] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 131.317391] team0: Port device team_slave_0 added [ 131.324119] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 131.331534] team0: Port device team_slave_1 added [ 131.337366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.362214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.369178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.377899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.385821] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.393330] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.403472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.411123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.451696] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.461361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 131.468645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.476523] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.484607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.492296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.500206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.507673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.549283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 131.583405] device hsr_slave_0 entered promiscuous mode [ 131.620490] device hsr_slave_1 entered promiscuous mode [ 131.661018] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 131.667304] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 131.684295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 131.691991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.699581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.707738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.715737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.725795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 131.735230] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 131.742662] chnl_net:caif_netlink_parms(): no params data found [ 131.751774] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.758164] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.765887] device bridge_slave_0 entered promiscuous mode [ 131.773819] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.781007] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.788058] device bridge_slave_1 entered promiscuous mode [ 131.794660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.802568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.811224] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 131.823901] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 131.831397] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.843577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 131.851165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.860010] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 131.866151] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.887094] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 131.896464] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 131.903092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.915189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 131.925532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.935777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.944636] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.951264] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.959490] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 131.983787] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.990430] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.997422] device bridge_slave_0 entered promiscuous mode [ 132.004641] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 132.013336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.021693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 132.029208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 132.037207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 132.044897] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.051280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.068611] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 132.075432] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.081990] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.089080] device bridge_slave_1 entered promiscuous mode [ 132.110723] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.127794] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 132.136191] team0: Port device team_slave_0 added [ 132.142852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 132.150549] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 132.157642] team0: Port device team_slave_1 added [ 132.164530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 132.172752] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 132.183470] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 132.194844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 132.203096] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 132.228835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.241752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 132.250599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.265844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 132.279291] team0: Port device team_slave_0 added [ 132.285316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 132.332126] device hsr_slave_0 entered promiscuous mode [ 132.390455] device hsr_slave_1 entered promiscuous mode [ 132.431313] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 132.438612] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 132.451807] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 132.458907] team0: Port device team_slave_1 added [ 132.468957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 132.485502] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.497076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 132.506160] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 132.515479] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 132.523003] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 132.531261] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 132.544459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 132.554757] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 132.568251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 132.576362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 132.585514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 132.594365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 16:34:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x0) 16:34:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4) [ 132.683764] device hsr_slave_0 entered promiscuous mode [ 132.716169] device hsr_slave_1 entered promiscuous mode 16:34:15 executing program 2: clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="13d50f34"], 0x4}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000040)}], 0x3}}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES32, @ANYPTR], 0x0, 0x28}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 132.750831] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 132.757859] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 132.774896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.789034] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 16:34:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x3, &(0x7f0000000280)=0x7, 0x54) 16:34:15 executing program 2: seccomp(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x5}]}) [ 132.797059] ptrace attach of "/root/syz-executor.2"[7067] was attempted by "/root/syz-executor.2"[7068] [ 132.808941] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.820509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 132.828141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 132.838877] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:34:15 executing program 2: ioperm(0x0, 0x3, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 16:34:15 executing program 0: r0 = socket(0x100000000011, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={'lo\x00\x00\x00\x04\x00\x00\x00\x00\x00\x0f\x00\x00\xce\x00'}) [ 132.864131] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 132.880740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 132.913643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 132.920560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 132.927452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 132.956799] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 132.975209] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 132.982150] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.003790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.014362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.028413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.042937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.051952] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 133.059240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.068290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.076278] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.082982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.089996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.101464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 133.108366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.118065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.130335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.138093] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.144744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.154392] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 133.163338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.170818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.177980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.185301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 133.194400] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 133.202219] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 133.208309] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.219499] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.226908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.234788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.241848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.252074] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 133.258150] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.267597] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.277405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 133.285500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 133.294104] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 133.302478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.312737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.319742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 133.327916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 133.335618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.343553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.351665] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.358162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.366428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.384037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.396682] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 133.406201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 133.414078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.422035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.429780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.437571] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.443980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.451574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.459609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.467419] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.473922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.481032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 133.488563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.496077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 133.504481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 16:34:16 executing program 1: syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') 16:34:16 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000580)=""/101, 0x360}], 0x1) recvmmsg(r0, &(0x7f0000000180), 0x221, 0x0, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) [ 133.512917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.521472] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 133.534166] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.544327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.559532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.571808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.582738] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.589218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.599491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 133.612982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.624123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.632010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 133.641722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.652982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.664061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.675677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.683507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 133.692901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 133.701509] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 133.709592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.718063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.725526] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.737864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 133.746241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 133.754217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 133.762304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 133.774592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.782153] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 133.788589] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.797959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.806768] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 133.814048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 133.821739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 133.830682] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 133.837830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 133.845949] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.859335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.868605] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 133.884392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 133.893079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 133.903466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.911865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 133.919394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 133.932174] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 133.938242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 133.952515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 133.960452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 133.967940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 133.976958] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 133.986086] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 133.993017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 134.004290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.019246] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 134.032138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.417272] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 134.426567] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 16:34:17 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x7, 0x0, "b60110a74706edd7db86023058a70eba75a39952af8867fecf10e977fc68128194f12e155cb09c730647d05a80bad555a8c93b0d74e646cf055643eeff28e8d3db4764ef9b69fb290d3431f218f22c2d"}, 0xd8) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) 16:34:17 executing program 0: pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x80005) getpid() r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000007c0)={0x0, 0xffffffff, 0x0, 0x0, 0x1, [{}]}) [ 135.318676] audit: type=1804 audit(1569429258.014:39): pid=7135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir287825504/syzkaller.Ifp28y/3/bus" dev="sda1" ino=16542 res=1 [ 135.346333] hrtimer: interrupt took 25242 ns 16:34:18 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x165801) r1 = memfd_create(&(0x7f0000000380)='\x00\xac=\x00\xd2[\xad\xbf%\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\x02\xf0\x86\\\x04\xce\xd3\xde/\xcc\xa3\xb3\xae0\x9f\xc1\x0f\x84HEHx\x00r\xb6\x87\xe0\xd1Fb\xb6\x97{\x18\x94\xeb\xdd\x84\x95\xbbu\x96~\xc8M\x95\x167\xe4F\xcc\xf4\x019|i\x9fS\xc3\x8c\tH\x1d\xf2A\x11\x96>\x9fkh\x87\x8f\xc0\xa0/\t\xe9u\x9a\x1e%\xa8\x11\x9b;Y\x99\x86\xf9\x8c\xfc\xc4/\x9f\xadi\xe688:\x02[\xd2\x83Q\xd2\x85\xcbO\xb4\xa4\xce\xefG\xdc\x14*.\xb1S\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00He|\xc5\xcc7\xde#\x16 \xcd\x87V\xfb\x02\x1c\xfbn%\xcb\x8fu\x02\xf02\x1eS%wk\xf2\x91\xe7\xa5\xb4N`\xa3\xceF\x8e\xe0\xea-\xfa\x8d\xab(>[\xe5-\x84,\x9f\x01\x8c 1\xc3\xb0\xed_ez9\x18^\xbc^\x0f\v\xbc\xdalB\x7fA\xb02>\xddRgs\x1dYE3\x9b1\xc2\xedu\xf4\x0eq\xf2ZNg\x80\xe3\xa1\x8f\x9f5\xa3B\xfb\x1eH\x05\b\xe9\x8d\x92\x8bV\xd5[\xd7\xd7\xff \xac\xc0\xa6\x83\t(\x0fg\x01PRP\x19\x93\xf7\xdd\xa4\xd9]\x1c\x7f\xad\xe55\xbeIE\xfa\f\xb0m\x84\x11.L\xb4[%R|_G\xc5\x00\xff\xc0\x88f\v/@\xf5$\xd7\x99:w\xbb\x80X\xd3;I\r\r\xd6\x91a\r\x9b\xec\x85\xe6\x96\xea\xf8\xbcX\xbau4x\b\")\xae', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) 16:34:18 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x2}, 0x20) 16:34:18 executing program 2: r0 = socket$inet(0x2, 0x3, 0x17) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000900)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002000000ac1814aa00000000a199f8a888a92bf46e20a9b78003d91876c91bb5895cde5a8a60bd5ef900000080000000005cf3a3e292dd240ffb4b0a5961332a4569740308b3d3f90897ae90cda9829b22b7cf5f7cc678e055906d6c220f70e197d886c9581a1b3bfede9b89a80e46767f55640fde7c53e5ab563e6608d9ec3b7bd0072fe6f224e0026aa05105afedb90ac59314b8a0d5a6e74a82278d7f5d307668924e483f37c14df6f403d572095e5a2042c18ad5a4513f8fbc9484cfd089b1f9614ca45274bf0500000000000000eae611bb8a05d3b7036841d4a1fb46821e3a0aba38dab932c3cbef4bed4b06d4c81cfadd7cda098de62103b229352fc45187481d3b9959384b5e7d3caf7592bf5b6595997cb7cfbfd1cfee9edf32f52ed09840f6b52b09debdac4a8e77ca389831afb729ce2ac2cfea789f51dab4ca4940add9d2a3ca932fc2203fdfab37d83bb798982ede9820c45cb993654d6d6c629979fdeb69fbd8295ddc2f69c8fc7226e1eb2635d3e35d8e7585a49485672bd12b135bc817420a790c2d771cf07cd859fda1f7d4becf72d84000000000adf3b5c59c264cd05aa9c0318143a7a351749de7b74faf41bc09036366e8040ad66acf628bf980802063a731f43f75a59266b95233289e96c0272125fd8a027f9629bc858af022b675dc16ff394ee1a7fae644808c61358d895e8005741bf1f3bf325ff974e879fb0963000000000000d4a1e9cabca227269bc319a4a32baa870cd37c83e952d3bf8f6d48af7529f21a08ccb84548dc656537ffe7a1093cc6cc05b4a22e0343278b0ac19e588790fec6093caf4a7f152f7b6f227820a771676bcf4024e02ab544312ba631c5367033dcfeb7798fc9d64caa6df68e126123cb6bb1ca1cfd9d3abcbeda24a17e6e694a342f372e4f934e5f593798148a5a14096727de84db1c8c78389974731779c14f72ef09152901d0def18eea9f5f013065a2ce3b4e5d7da6bf4dd0367c9c4a06a467cc888a86bb5bdd85de28de16e0f682d65a3a85e060b3808bc6d6805d966670703946f0d776afd7aa941d34809758fede93a60e85c1bbc7ccdef6ab842602be7fc5296ba29eac7716fc19bc75943c04811396f2f2d97abc5047f1fcc1949f87908516a565fea56f23094ec02c82e9f38f84a704d1ea531e0b8adb29a4b73661b3fbef5aa380e0b7626c28969af5e712a6ff4b1d05f47136c8813c3a9a648f807f75664769924292edb32d7a509e491162fabf85ff6a7fea32d229b56eda4b0b87b10f2cabb2b89b51b5487be6ee521cfd22c5b4221c765b3d3528443c589a5b5690291539e28c4cb3f6b96578f67d4c5e47a907fbe7cb9ca5d7d1f7aabc77b7fa362883698c9f8d99d9e10d1a7e3f229f5a3870bc6ae2f533e17f65e3275a7d85736a931fd25644d8256077a5315067e9717a4f350c738a57eb1fbdb4f608b35bcc5563c5be0e4f058b2a3d3200"/1075], 0x18) 16:34:18 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="a4ab12f728db4b2b4d2f98e263ea4970d0d2cead772a050f34a2b8f2a7b79694f34b3b264b1f54debfda82355eaadea97954", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:34:18 executing program 5: r0 = socket(0x10, 0x80002, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtfilter={0x78, 0x2c, 0x701, 0x0, 0x0, {0x0, r2, {}, {}, {0x1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x4c, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, @TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}}, @TCA_BPF_FD={0x8}]}}]}, 0x78}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x332, 0x0) 16:34:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000040)=@v2, 0x14, 0x0) 16:34:18 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x211, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) write$binfmt_script(r0, &(0x7f00000009c0)=ANY=[], 0x378) [ 135.482295] ptrace attach of "/root/syz-executor.3"[7147] was attempted by "/root/syz-executor.3"[7151] 16:34:18 executing program 3: r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffffffffffff) 16:34:18 executing program 4: r0 = timerfd_create(0x7, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) [ 135.511976] audit: type=1400 audit(1569429258.204:40): avc: denied { map } for pid=7146 comm="syz-executor.4" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=25425 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 16:34:18 executing program 5: add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000440)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 16:34:18 executing program 1: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 16:34:18 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup\x00\x1e\xa7\xd4\xea.G\x1c\x99\xa6\xb45\xfd\xbe\x80l(i\xe0\xda\x1e\xb5\x94\xf1y\xc8.\xe2c\xb8\xa0\xe8\xe2\xa2(\\y<;\xc1$<\x8c5B?1\xe3\xba\x96Z/\xf5\xce0\xc5\x86\xcf\xad\'v\xbe\xfb\xb6\x8e\xb7>\xd6#\xe1^\xa5\xfb\xfe\x03\xf8\vH\x92<~y\xc5o\xb7\'V\xc8\\fP\xc6\x12\vd\xf1\xf4N\xd6\x13\x8b\xf6I\x17p\x91\"!\x80\xa8=\xa1\xa0\xda\xbb\xae\xf4\x96\xfb\xaf\xdf\x06\xf4\x93\t3\x97\x17\x97\xa6\x0f\x9a\fT\x8e\x81`\xdd\xb3+\x17g\xcb\xcc\xd76H\xc9\xfa\x97\xe7\xe6\xa7)\x10\x17+\xc6\xb5\xb7\xe6\xe4P\x04*v=\x7f,\x1fB\x96?\xf0\\sE\xa8k\xfe\xef\xd0F\xdc\xbf,\xb2\x90\xc0\x86\x86WZ.\x02\xc2\xb4\xa6\xf31\xcc\xc1\xd9\rH\x93\x1a\xa7\xf1\xe4*\x9cl\x06\xff\x91!\b\x7f\xe4\xc6\xacWX\x95h\x94:6\x90r\x93_\xef(\x8f\ni\xb4\a\xa7\x15xF\xbb\xfasFo6~\xcc\x9ej\xa1\xb2X\x8e)?\xf5\xe8\xf2)\xb6\xc4P\x1f\xbc\xf1-4\x81\xf7\xaf\x02\x83\x05\"\xe7b\xc1\x15\xab\xa2\xc7\x8ei<\xde8\xe9MH:\xe9\xce\xe4\xa7l]\x9a\f\xef\x8a\xa8\x1e\xda\xf4\x92\\}d\xffnh%\xcf8\xf3\x84\x19\xbc\xcex\x13\xaa\xc2\xa6]\x1ck\bd\b\x15%\xb7\x107ra?\x8bI\xf4\xd7\xe6\xf5\xa8\x90\xab\xc9{[\xcc\xbe\x03Mi\x13\x03\x84,\x9d\xca\xcc\x85\xb1\xbf\x8b', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.procs\x00\x10\xb9\x04\x00&K\x8d\x91\xd35\x00\x00\x00\x87<\xf5\x9b\xe7\xbf\xc8\xc6\x99\x01EtO\xcb\xf5\x8fm\v\xab\to\x1fw\"\x04\xac\x93\"\xa55C6g\x0f\xe5\xfdl >3\b\x93\x13\xbf\x11]\xe6\b\xf4\x8f\xdf\xfa\xbfW\xb3\xc4\x02\x14\xfc\x9e$\xcfS\"\x06\xee\xc1\xb8\xd6:\t\x97\x03\xa7.\xf9\xae\x06\"\a\xf7\xc6w\x8b\x81\x01\x00\x00\x00\xb0\xc0W\xb7\x10\x97\xba\xdd\x94\xfc\\\xe3\x15\x00\x10\x00\x007>\x1c\xf0\"Q\xe8n\xc9#~\x92KH\x1f!\xa6\x15\xb1/\x97\xe8\n\x0e\x11u\x89^\x03\xd4\xc0y7\xd1\xc4\xfbG\xe0b\x9e\t\x00\x00\x00\x00\x00\x00\xc6\x06\aPl\xef\x9c-U[\xd5\xe11n N\xbc\xcf\x175cbR\xc8a\xe5\xde\x9ey\xf8T\xf6\x88\xe7\vG\xf6\x8a\b$?\x90X:a\xcb\x94\x19\xdbqT\xfe,\x01\xb9N\xb0\x96\xc0\xa7\xddko\x9d/R\x87\\g;\xbb\x97\x06y\xe3m\xf2Z%*\xcc&\n\'v\x04\xbc6E\xfe\xa2\xb8k~j\xd1\x13\x1c\x03e\x90\x04\xc3Utck\x9e\x13;\x1a\x19\x97\xcb_\x92\x89.^\x81u\'Pd\xff!W\x12\xfac6*z\x82\xf1\x12#\xc2\xc6\xa5\x8a[\xf3\x96\x00\x87#\x01\xe6h\xf8\xa8$\x87)\x02\xb0\xbe\x832\x10\xdb]\xbc\x8b\x8ct\x06q\x0f\xe4c\x19/\xae%(\xcd\xee\x80K\xd5~\x02`\x11\xed\xa6\xf0\xff\xa1#\xf4\x9f\xcb\xc6\x9a\xc3\x13\xda%\xc1\b\xa4\xcb)t\xbd\xfe\xe8\xbbK^GqB(\xd8C\xf8\x1e\x9a\x06\xd0\xcd\x93\xc1$\xcb\xfe\x1ftO\x14\x9f&\n\xc5\xa47\xb5\x8f\xb8y\xcf\'9\x86\xa3\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xce\xee\x96\xf7\xeff\xa9\xdb\xe7\xe7aCb\\\xf7TA\xd3z\xa7u\xa8\xac\x98\xa2\xe3\xe6\xc1\x82\xa3u\xfcx\xf1\x19\a@\xb2\xdd<\x04\xc7\xdb\x1e\xbb/\xee\x89E5r\xd9cy\xb8\x1cK;\xc8\x95w\xa2\xfdO\xf2\xab\x19\xd2<\f\xdeO\x1d`C\xc9\x97\x8f}\xa1\x05+\xca\xc1/\x0fl\xc0\xe9]\x03<\xb6\x00_\xff\xe0\x1f\x87|G\"\x8e\xe6\x1a\xe2\xd3\x1b\x059\"\x18\t\xeb\xaeL\x0e3\x1a\xe2Rz\xc2\xd0\xdc\xach\xceV\b\xc4h\xb2;\xa9\xc4\x14?fi\xf8\"|d2>\xc6\x02\xee\xfb\x88\xac\x9f\x02\xee\xcdZ\x1e\xae\xfd\xdd]\xa2Uk\xaf\'\x90\xd0K\x0e\xcf\x8b\x94', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 16:34:21 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x7) ioctl$void(r0, 0x5450) 16:34:21 executing program 2: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 16:34:21 executing program 1: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/cgroup\x00') 16:34:21 executing program 5: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0xa4200, 0x0) 16:34:21 executing program 0: openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/relo/attr/exe_\x00', 0x2, 0x0) [ 139.139000] SELinux: policydb version -1685777289 does not match my version range 15-31 [ 139.158788] SELinux: failed to load policy 16:34:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000300)="11dca50d5e0bcfe47bf070") r1 = socket(0x1e, 0x5, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000400000009a979f321b30c7bc8790405c7bad62e0a430200000000000000fb8f8401a3ff59829a70a0c5216669ca021f6f65dcf160e7e58f428c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b985ed5305cb184a00"}, 0x80) r2 = socket(0x1e, 0x5, 0x0) dup3(r2, r1, 0x0) 16:34:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0xffffffffffffff54, 0x200007ff, &(0x7f0000000400)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xf400}], 0x1}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 16:34:22 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0xffffffffffffff54, 0x200007ff, &(0x7f0000000400)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xf400}], 0x1}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 16:34:22 executing program 4: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0) write$binfmt_misc(r0, 0x0, 0xff2f) 16:34:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000008640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f0000001300)={0x2, 0x4e24, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001540)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x2, 0x0) 16:34:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000080)) 16:34:22 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x4000000028, 0x0, 0x0, 0x7fffffff}, {0x80000006}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:34:22 executing program 5: pipe(0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup2(r2, r1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f00000000c0)={'\xff\x00\x00\xa8\xa0\x00\x01\x00', @ifru_addrs=@ethernet={0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}) stat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$getown(0xffffffffffffffff, 0x9) 16:34:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r5) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r6, &(0x7f0000000000)={&(0x7f0000000040), 0x10, 0x0}, 0x0) 16:34:22 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x351, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) recvmmsg(r0, &(0x7f0000006a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) [ 139.590375] protocol 88fb is buggy, dev hsr_slave_0 [ 139.596092] protocol 88fb is buggy, dev hsr_slave_1 16:34:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r5) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r6, &(0x7f0000000000)={&(0x7f0000000040), 0x10, 0x0}, 0x0) 16:34:22 executing program 5: pipe(0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup2(r2, r1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f00000000c0)={'\xff\x00\x00\xa8\xa0\x00\x01\x00', @ifru_addrs=@ethernet={0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}) stat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$getown(0xffffffffffffffff, 0x9) 16:34:22 executing program 0: pipe(0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup2(r2, r1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f00000000c0)={'\xff\x00\x00\xa8\xa0\x00\x01\x00', @ifru_addrs=@ethernet={0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}) stat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$getown(0xffffffffffffffff, 0x9) 16:34:22 executing program 2: epoll_create1(0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_create1(0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) prctl$PR_SET_SECUREBITS(0x1c, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) chroot(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x4000082) write$nbd(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="6744439801000000000002000200000065f1000000cb7a63d1a98c0f479a4787cfcb7384b804d8d57a7e892eac4023b714a3202fd9f16d060a35efd21affe230601687a784fa847ae2650b000000000000000000000000938a9874a26c8d154cd955f3ce259cf6bec29e748b714b99231c35952d57b23aca100681f3e781abd4be31f29fca20700ffea097c4702df3a1ded760031253ed06d00443e6db53f8823c05bac7007e982aceef0afba16216d66db1557f3af6b99d2b03e3b3d7a14a7988df136253907835a281fe98e4b44c55a0280b6dc937b5fd18c5b4b4cb018cd01d79a28a960b04f74fb317b3457acaaaa063077e6587707b96da8544f91c35bdbb9f7872bb3e01c9f8ff7d1e320000000000000000004c32854e54a0b0740777641ac27d2431f4b0a376a8b79cc8356b57eb7f40ba5fefd5153ca9fa89d9958bde1230b8b5fec4467d"], 0x4d) sendfile(r1, r1, &(0x7f0000000200), 0xa198) ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) r2 = syz_open_procfs(0x0, 0x0) preadv(r2, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r4, r3, 0x0) 16:34:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x0, 0x0) 16:34:22 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f000047b000), 0x1c) ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x3, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 16:34:22 executing program 3: socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x3, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000140)={0x1bb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 16:34:22 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x4000000028, 0x0, 0x0, 0x7fffffff}, {0x80000006}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:34:22 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0xc05c6104, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(0xffffffffffffffff, 0xc0385720, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x9}, 0x0, 0x0, 0x0, {}, 0x2, 0x6}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x0, 0xffffffff, 0x4000, 'queue0\x00'}) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000280)={0x7, 0x47, 0x2}, 0x7) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x2) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3) preadv(r3, &(0x7f00000018c0)=[{&(0x7f0000000040)}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/158, 0x9e}, {&(0x7f0000001600)=""/233, 0xe9}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f00000017c0)=""/219, 0xdb}], 0x6, 0x0) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000300)) 16:34:23 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x4000000028, 0x0, 0x0, 0x7fffffff}, {0x80000006}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f00007e6000)={@multicast2, @loopback}, 0xc) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 140.550172] protocol 88fb is buggy, dev hsr_slave_0 [ 140.556309] protocol 88fb is buggy, dev hsr_slave_1 [ 140.562042] protocol 88fb is buggy, dev hsr_slave_0 [ 140.567711] protocol 88fb is buggy, dev hsr_slave_1 [ 140.630245] protocol 88fb is buggy, dev hsr_slave_0 [ 140.636165] protocol 88fb is buggy, dev hsr_slave_1 [ 140.640153] protocol 88fb is buggy, dev hsr_slave_0 [ 140.660716] protocol 88fb is buggy, dev hsr_slave_1 16:34:23 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) socket$inet6(0xa, 0x80002, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) ftruncate(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000080)={0x2}, 0x4) socket$kcm(0x2b, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f00000000c0)={0x100, 0x3000}) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0x1da9, 0x4) sendto$inet(r1, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef622b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae557511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac0000004c0000", 0x6ae4, 0x4000002, 0x0, 0x25) socket$nl_xfrm(0x10, 0x3, 0x6) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x6) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 16:34:23 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f000047b000), 0x1c) ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x3, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 16:34:23 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0xc05c6104, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(0xffffffffffffffff, 0xc0385720, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x9}, 0x0, 0x0, 0x0, {}, 0x2, 0x6}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x0, 0xffffffff, 0x4000, 'queue0\x00'}) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000280)={0x7, 0x47, 0x2}, 0x7) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x2) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3) preadv(r3, &(0x7f00000018c0)=[{&(0x7f0000000040)}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/158, 0x9e}, {&(0x7f0000001600)=""/233, 0xe9}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f00000017c0)=""/219, 0xdb}], 0x6, 0x0) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000300)) 16:34:23 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = memfd_create(&(0x7f0000000200)='queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0xc05c6104, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(0xffffffffffffffff, 0xc0385720, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x9}, 0x0, 0x0, 0x0, {}, 0x2, 0x6}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x0, 0xffffffff, 0x4000, 'queue0\x00'}) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000280)={0x7, 0x47, 0x2}, 0x7) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x2) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3) preadv(r3, &(0x7f00000018c0)=[{&(0x7f0000000040)}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/158, 0x9e}, {&(0x7f0000001600)=""/233, 0xe9}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f00000017c0)=""/219, 0xdb}], 0x6, 0x0) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000300)) 16:34:24 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x4000000028, 0x0, 0x0, 0x7fffffff}, {0x80000006}]}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 141.702005] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 141.711551] IP: kthread_stop+0x4c/0x650 [ 141.715834] PGD 8fc4f067 P4D 8fc4f067 PUD 84816067 PMD 0 [ 141.721833] Oops: 0002 [#1] PREEMPT SMP KASAN [ 141.727041] Modules linked in: [ 141.730438] CPU: 0 PID: 7583 Comm: syz-executor.1 Not tainted 4.14.146 #0 [ 141.737724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.749087] task: ffff88805a654440 task.stack: ffff88805a548000 [ 141.756066] RIP: 0010:kthread_stop+0x4c/0x650 [ 141.761275] RSP: 0018:ffff88805a54fb50 EFLAGS: 00010297 [ 141.767013] RAX: ffff88805a654440 RBX: 0000000000000000 RCX: 0000000000000000 [ 141.775476] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000282 [ 141.783306] RBP: ffff88805a54fb70 R08: ffff88805a654440 R09: 0000000000000000 [ 141.791104] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 141.800189] R13: ffff888084af1cb0 R14: ffff888084af1ca8 R15: ffffffff89bbfda0 [ 141.810405] FS: 00005555570b9940(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 141.819238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.826762] CR2: 0000000000000020 CR3: 0000000092db2000 CR4: 00000000001406f0 [ 141.835903] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.843470] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 141.851284] Call Trace: [ 141.853992] vivid_stop_generating_vid_cap+0x1b9/0x664 [ 141.859590] vid_cap_stop_streaming+0x7c/0xd0 [ 141.864627] ? vid_cap_buf_queue+0x230/0x230 [ 141.869245] __vb2_queue_cancel+0xa3/0x890 [ 141.873686] ? lock_downgrade+0x6e0/0x6e0 [ 141.878117] vb2_core_streamoff+0x52/0x110 [ 141.882936] __vb2_cleanup_fileio+0x78/0x150 [ 141.887842] vb2_core_queue_release+0x1d/0x80 [ 141.892611] _vb2_fop_release+0x1cf/0x2a0 [ 141.896929] vb2_fop_release+0x75/0xc0 [ 141.901629] vivid_fop_release+0x180/0x3f0 [ 141.906151] ? vivid_remove+0x3d0/0x3d0 [ 141.910506] ? dev_debug_store+0xe0/0xe0 [ 141.914908] v4l2_release+0xf9/0x190 [ 141.918684] __fput+0x275/0x7a0 [ 141.922023] ____fput+0x16/0x20 [ 141.925724] task_work_run+0x114/0x190 [ 141.929985] exit_to_usermode_loop+0x1da/0x220 [ 141.935033] do_syscall_64+0x4bc/0x640 [ 141.939508] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 141.944694] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 141.950143] RIP: 0033:0x413711 [ 141.953320] RSP: 002b:00007fff8327d910 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 141.961365] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413711 [ 141.969356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 141.977196] RBP: 0000000000000001 R08: ffffffff8129397f R09: 00000000c904b60b [ 141.984667] R10: 00007fff8327d9f0 R11: 0000000000000293 R12: 000000000075c9a0 [ 141.992954] R13: 000000000075c9a0 R14: 00000000007628a0 R15: 000000000075bfd4 [ 142.001389] ? sync_global_pgds+0x5f/0x400 [ 142.005752] Code: 00 65 8b 1d 67 59 c3 7e 83 fb 3f 0f 87 5e 04 00 00 e8 19 bb 1e 00 89 db 48 0f a3 1d ff 24 e7 06 0f 82 47 03 00 00 e8 04 bb 1e 00 41 ff 44 24 20 49 8d 7c 24 24 48 b8 00 00 00 00 00 fc ff df [ 142.027599] RIP: kthread_stop+0x4c/0x650 RSP: ffff88805a54fb50 [ 142.034065] CR2: 0000000000000020 [ 142.041269] kobject: 'loop3' (ffff8880a4a8a920): kobject_uevent_env 16:34:24 executing program 3: socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) open$dir(0x0, 0x0, 0x82) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x24e23, @local}, 0x10) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x106) recvfrom$inet(r1, &(0x7f0000000000)=""/170, 0xaa, 0x0, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[@ANYRES64], 0xc63b9e35) 16:34:24 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f000047b000), 0x1c) ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x3, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 142.049165] kobject: 'loop3' (ffff8880a4a8a920): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 142.068862] ---[ end trace b6ad8f722bfc504c ]--- [ 142.074278] Kernel panic - not syncing: Fatal exception [ 142.081992] Kernel Offset: disabled [ 142.086456] Rebooting in 86400 seconds..