Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.111993] audit: type=1800 audit(1568572966.010:33): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 37.140101] audit: type=1800 audit(1568572966.010:34): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.673358] audit: type=1400 audit(1568572969.570:35): avc: denied { map } for pid=7380 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts. 2019/09/15 18:42:56 fuzzer started [ 47.222058] audit: type=1400 audit(1568572976.120:36): avc: denied { map } for pid=7390 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/09/15 18:42:57 dialing manager at 10.128.0.105:41983 2019/09/15 18:42:57 syscalls: 2482 2019/09/15 18:42:57 code coverage: enabled 2019/09/15 18:42:57 comparison tracing: enabled 2019/09/15 18:42:57 extra coverage: extra coverage is not supported by the kernel 2019/09/15 18:42:57 setuid sandbox: enabled 2019/09/15 18:42:57 namespace sandbox: enabled 2019/09/15 18:42:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/15 18:42:57 fault injection: enabled 2019/09/15 18:42:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/15 18:42:57 net packet injection: enabled 2019/09/15 18:42:57 net device setup: enabled 18:45:27 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r1, 0x4) accept(r1, 0x0, 0x0) tkill(r0, 0x15) [ 198.121626] audit: type=1400 audit(1568573127.020:37): avc: denied { map } for pid=7407 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1108 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 198.233995] IPVS: ftp: loaded support on port[0] = 21 18:45:27 executing program 1: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) [ 198.341435] chnl_net:caif_netlink_parms(): no params data found [ 198.396569] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.403824] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.412365] device bridge_slave_0 entered promiscuous mode [ 198.420491] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.426904] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.445012] device bridge_slave_1 entered promiscuous mode [ 198.467284] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.477894] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.500359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 198.503005] IPVS: ftp: loaded support on port[0] = 21 [ 198.508000] team0: Port device team_slave_0 added [ 198.519145] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.526811] team0: Port device team_slave_1 added [ 198.533518] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.543102] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 18:45:27 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) recvmmsg(r1, &(0x7f0000001f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r0, 0x15) [ 198.623068] device hsr_slave_0 entered promiscuous mode [ 198.660073] device hsr_slave_1 entered promiscuous mode [ 198.701242] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 198.708243] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 198.724522] IPVS: ftp: loaded support on port[0] = 21 18:45:27 executing program 3: creat(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffca8, 0x20000802, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) fcntl$getown(r3, 0x9) setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000140)={0x2211}, 0xfffffffffffffe7a) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 201.212045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.219156] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 201.226868] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 201.236804] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.244905] team0: Port device team_slave_1 added [ 201.250319] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.270666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.286527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 201.303077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.317057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.336534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.344687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.352637] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.358973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.372387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.388086] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.397923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.405981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.412991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.462664] device hsr_slave_0 entered promiscuous mode [ 201.500118] device hsr_slave_1 entered promiscuous mode 18:45:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 'id0\x00', 'timer0\x00'}) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') preadv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/34, 0x22}, {&(0x7f0000000080)=""/3, 0x3}], 0x2, 0x0) [ 201.540430] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 201.547590] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 201.572886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.594056] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.610605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.631567] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.646369] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 201.653059] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.661400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.670754] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.679399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 201.689662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.697650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.705622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.713730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.721644] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.727988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.735096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.742344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.756297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.765945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 201.775059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 18:45:30 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dcc20d5e0bcfe47bf070") ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f00000001c0)={{0x81, 0x8}}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0xe42, 0x0) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_mreq(r3, 0x0, 0x24, &(0x7f0000000100)={@remote, @local}, 0x8) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000140)={0xfffffffffffffd05, 0xffffff80}, 0x38c) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000080)={0x1f, 0x1000, 0x61d2}, 0xc) r5 = fcntl$dupfd(r4, 0x0, r4) bind$bt_rfcomm(r5, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r5, 0x404c534a, &(0x7f0000000240)={0x48b, 0x2, 0x3}) [ 201.808885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.827805] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.845393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.853013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.860740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.868423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.876351] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.882709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.891729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 201.901243] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.909489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.920556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.928109] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.935908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.945067] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 201.951517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.960508] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.969005] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 201.975429] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.994271] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.004089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.011415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.018291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.029166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.043248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.052989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.062149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.069383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.081420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.088927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.097142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.104869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.112862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.120518] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.126853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.133819] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.142501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.153878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 202.163956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 202.174305] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 202.185524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.193902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.201932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.209259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.217136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.224894] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.231268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.240333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 202.248870] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 202.255187] 8021q: adding VLAN 0 to HW filter on device team0 18:45:31 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x1f4, 0x0, 0x0) [ 202.267609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 202.277964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 202.296262] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 202.306503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.318618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.326435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.336473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 202.345946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 202.358824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.365945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.375745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.383638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.391129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.399919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.409556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.419734] hrtimer: interrupt took 45171 ns [ 202.422500] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 202.431343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.448281] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.458755] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 18:45:31 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x669, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, @perf_config_ext, 0xb33aff3aacd372e0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$RTC_AIE_ON(r2, 0x7001) [ 202.466732] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.477678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.486001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.496413] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.504684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.524430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.535278] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.541697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.551397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.562002] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 202.575912] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 202.591355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 202.598913] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.606637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.614591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.622949] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.630917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.638297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.646134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.654011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.661821] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.668159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.677456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 202.706353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.719274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready 18:45:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000004c0)) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) munlock(&(0x7f0000704000/0x1000)=nil, 0x1000) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$RTC_WIE_ON(r1, 0x700f) munlockall() getuid() openat$pfkey(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/net/pfkey\x00', 0x410000, 0x0) syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, 0x0) [ 202.737527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.757773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.767282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.776989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 18:45:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000a004, 0x0, &(0x7f0000000180), 0x0, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080)={0x400}, 0x8) readahead(r0, 0x8, 0x4) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x2, 0x30) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x7fff, 0x3, 0xfffffffffffffffc}) fchdir(r1) r3 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000000), 0x171) symlinkat(&(0x7f0000000000)='./file0\x00', r5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="ffff643dacaf847209e8cc049f3cf252658ec53f408be117aaf385cb858f95b5add2def45b61373112e2f76bd362bb3a34339918", @ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030303030303030303016303030303030303030302c6f624289bba87d56226d42af6a5f747970653d7468726561646564a02c6f626a5f747970653d2d6e6f6465765d2b656d315b2fc8242d6b65797203000000726f6365746830656d3073656c696e7578766d6e6574302f3b6e"]) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) write(r3, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r3, 0xffffffffffffffff, 0x0, 0x7fffffff) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x2) r6 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000900), 0xfffffcec) sendfile(r6, r3, 0x0, 0xffffffff) [ 202.787322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.819666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.844239] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.844480] FAT-fs (loop1): bogus number of reserved sectors [ 202.850654] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.865387] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 202.880467] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 18:45:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000540)='/proc/self/net/pfkey\x00', 0x0, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0xfffffffffffffff7) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000440)}, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x8) preadv(r0, &(0x7f00000017c0), 0x2cb, 0x400000000000) [ 202.896752] audit: type=1800 audit(1568573131.790:39): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16524 res=0 [ 202.898466] FAT-fs (loop1): Can't find a valid FAT filesystem [ 202.928178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.964357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 202.987485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.010821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.062526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.071987] FAT-fs (loop1): bogus number of reserved sectors [ 203.078132] FAT-fs (loop1): Can't find a valid FAT filesystem [ 203.085060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.093580] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.099994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.111201] audit: type=1804 audit(1568573132.010:40): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir511284509/syzkaller.liXT2C/1/file0/file0" dev="sda1" ino=16524 res=1 [ 203.113310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.152763] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.160092] audit: type=1804 audit(1568573132.050:41): pid=7486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir511284509/syzkaller.liXT2C/1/file0/file0" dev="sda1" ino=16524 res=1 [ 203.193397] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 203.200136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.216311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.264553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.294832] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.308121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 203.325133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.350415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.360876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.375921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.385880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 203.393262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.401412] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.408986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.416876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.425595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.434505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.442085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.449523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.457329] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.467648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.477990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 203.486974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 203.509181] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.527248] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 203.535556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.549930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.557520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.567527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.578942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.595009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 203.618679] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 203.633548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.643550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.654176] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 203.660626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.675097] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.711944] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 203.744841] 8021q: adding VLAN 0 to HW filter on device batadv0 18:45:33 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mem_exclusive\x00', 0x2, 0x0) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f0000000100)={0x6394, {{0xa, 0x4e24, 0x0, @mcast1, 0x5}}}, 0x88) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x2, &(0x7f00000001c0)=""/128) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000280), &(0x7f00000002c0)=0x8) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000240)={0xfffffffffffffffe, 0x7f, 0x7fff, 0xc8c}, 0x8) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockname$inet(r6, &(0x7f0000000300)={0x2, 0x0, @local}, &(0x7f0000000380)=0x10) write$cgroup_int(r1, &(0x7f00000003c0)=0xffffffffffffef62, 0x6c) 18:45:33 executing program 1: syz_genetlink_get_family_id$tipc2(&(0x7f0000000640)='TIPCv2\x00') r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000780)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000500), 0xc, 0x0, 0x0, 0x0, 0x1b3}, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000900)=ANY=[@ANYRES32]) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x2}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 18:45:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = fcntl$dupfd(r2, 0x0, r2) bind$bt_rfcomm(r3, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000015000/0x1000)=nil}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x80181}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r4, 0x80045300, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 18:45:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = accept4(0xffffffffffffffff, &(0x7f00000002c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, &(0x7f0000000140)=0x80, 0x1000) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x211014}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x40, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x11}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x40}}, 0xc0) r3 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x1) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000598a180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x507, 0x0, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8}]}}]}, 0x38}}, 0x0) 18:45:33 executing program 2: epoll_create(0x2) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") mlock(&(0x7f00009ff000/0x600000)=nil, 0x600000) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) bind$bt_rfcomm(r2, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10004, 0x0, 0x2002, 0x2000, &(0x7f0000a02000/0x2000)=nil}) 18:45:33 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f00000015c0)='/dev/admmidi#\x00', 0x8, 0x8040) accept4$packet(r0, &(0x7f0000001480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000001700)={r1, 0x1, 0x6, @dev={[], 0x1f}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x2, 0x1, 0x1, 0xf1a, 0x0, 0xffffffffffffffff, 0x4, [], r1, 0xffffffffffffffff, 0x5}, 0x3c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000c3715be14d128bdfd2e631edd78002de4bb0c8c43de9c4458e134a6d1b185be4eb00c0b1308cb05ff36b7f8a8afef3ab9adf46b6d92ed89e23041b16ea80f339d9f60dbeabdf282c29b7e244b3817d2060b549b253ba0fb8bdd007a856c37b98f4f0d8cb107d34ad51c0b825082b5efb50825b5bcc647a185f7d68ae69a99237dec704ea881fe05c06f8b352800000000000000000", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x71, &(0x7f0000000340)={r4}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={r4, 0xa8, &(0x7f0000000000)=[@in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e24, 0x9, @mcast1, 0x3f}, @in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7fff}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x10}}, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e24, @multicast2}]}, &(0x7f0000000100)=0x10) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSIG(r0, 0x40045436, 0x25) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000000a9d2aca3", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x71, &(0x7f0000000340)={r8}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r8, 0x7c43}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000001c0)={r9, @in={{0x2, 0x4e24, @empty}}, 0x8, 0x55, 0x0, 0x3ff, 0x14}, 0x98) [ 204.127577] audit: type=1400 audit(1568573133.020:42): avc: denied { create } for pid=7518 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 204.161362] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 204.198600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7527 comm=syz-executor.4 [ 204.215700] audit: type=1400 audit(1568573133.020:43): avc: denied { write } for pid=7518 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 18:45:33 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext={0x10001, 0x2}, 0x0, 0x0, 0x0, 0x0, 0xbe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)={0x20, r1, 0x21, 0x0, 0x0, {}, [{{0x8}, {0x4}}]}, 0x20}}, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x400000, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000140)={0x3}) 18:45:33 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x400000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x82829c97686a4ed2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x80) ioctl$EVIOCGID(r4, 0x80084502, &(0x7f0000000100)=""/142) flistxattr(r4, &(0x7f00000001c0)=""/12, 0xc) write(r3, &(0x7f00000001c0), 0xfffffef3) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = fcntl$dupfd(r5, 0x0, r5) bind$bt_rfcomm(r6, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$MON_IOCH_MFLUSH(r6, 0x9208, 0x3ec5) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 204.276259] audit: type=1400 audit(1568573133.020:44): avc: denied { read } for pid=7518 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 18:45:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad030000], 0x0, 0x7, 0x2}) 18:45:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='un\x00', 0x0, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'nr0\x01\x00', 0xc01}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20000, 0x1) write$eventfd(r3, &(0x7f00000000c0)=0x5, 0x8) ioctl$TUNSETPERSIST(r0, 0x400454dc, 0x719000) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000100)=0x5, 0xfff, 0x4) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) r4 = getuid() getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@mcast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f0000000340)=0xe8) mount$9p_virtio(&(0x7f0000000140)='nr0\x01\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x100000, &(0x7f0000000380)={'trans=virtio,', {[{@version_u='version=9p2000.u'}], [{@hash='hash'}, {@fsmagic={'fsmagic', 0x3d, 0x5}}, {@appraise='appraise'}, {@fsuuid={'fsuuid', 0x3d, {[0x67, 0x30, 0x64, 0x31, 0x38, 0xb2332610b44bedd3, 0x67, 0x30], 0x2d, [0x30, 0x62, 0x64, 0xf3], 0x2d, [0x62, 0x65], 0x2d, [0xa7cfce955153f784, 0x1, 0x61, 0xae], 0x2d, [0x5e, 0x62, 0x35, 0x0, 0x33, 0x36, 0x9c, 0x7f]}}}, {@uid_gt={'uid>', r4}}, {@permit_directio='permit_directio'}, {@fowner_eq={'fowner', 0x3d, r5}}, {@smackfsroot={'smackfsroot'}}, {@appraise_type='appraise_type=imasig'}, {@pcr={'pcr', 0x3d, 0x29}}]}}) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) 18:45:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000015c0)='rdmi.current\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000200aaaaaa3127bb000000000000"]) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0x0, 0x100, 0x10}, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)='.\x00\x00\x00>\x00', 0x6}], 0x1}, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000080)=0x82) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu\x00', 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8984413869d6e3ae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="204086dd20"], 0xfdef) bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 204.437391] audit: type=1400 audit(1568573133.050:45): avc: denied { map_create } for pid=7517 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 18:45:33 executing program 2: socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') fcntl$setsig(r0, 0xa, 0x37) r1 = open(&(0x7f0000000080)='./file0\x00', 0x141042, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)=0x1ff) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) gettid() ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000100)) [ 204.711648] audit: type=1804 audit(1568573133.610:46): pid=7568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir879101130/syzkaller.J0k5sU/3/file0" dev="sda1" ino=16547 res=1 [ 204.713152] device nr0 entered promiscuous mode 18:45:33 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext={0x10001, 0x2}, 0x0, 0x0, 0x0, 0x0, 0xbe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)={0x20, r1, 0x21, 0x0, 0x0, {}, [{{0x8}, {0x4}}]}, 0x20}}, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x400000, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000140)={0x3}) [ 204.766572] audit: type=1400 audit(1568573133.650:47): avc: denied { prog_load } for pid=7560 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 204.819207] audit: type=1804 audit(1568573133.660:48): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir879101130/syzkaller.J0k5sU/3/file0" dev="sda1" ino=16547 res=1 18:45:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newlink={0x5c, 0x10, 0xe3b, 0x70bd25, 0x0, {}, [@IFLA_IFALIASn, @IFLA_IFNAME={0x0, 0x3, 'veth0_to_team\x00'}, @IFLA_IFNAME={0x0, 0x3, 'netdevsim0\x00'}, @IFLA_EVENT={0x0, 0x2c, 0xfff}, @IFLA_VFINFO_LIST={0x0, 0x16, [{0x0, 0x1, [@IFLA_VF_VLAN={0x0, 0x2, {0x2, 0x51e, 0x80000000}}, @IFLA_VF_LINK_STATE={0x0, 0x5, {0x8000}}, @IFLA_VF_TX_RATE={0x0, 0x3, {0xf5, 0x80000001}}, @IFLA_VF_VLAN={0x0, 0x2, {0x1, 0x9c9, 0x4}}, @IFLA_VF_VLAN_LIST={0x0, 0xc, [{0x0, 0x1, {0x2, 0x54e, 0xfffffffffffffffb, 0xf12376d613c95e77}}, {0x0, 0x1, {0x101, 0xdca, 0xd6d, 0x8100}}]}, @IFLA_VF_RSS_QUERY_EN={0x0, 0x7, {0xffff, 0x2}}, @IFLA_VF_MAC={0x0, 0x1, {0x6, @dev={[], 0x26}}}, @IFLA_VF_TRUST={0x0, 0x9, {0x8, 0x4}}]}, {0x0, 0x1, [@IFLA_VF_TRUST={0x0, 0x9, {0xc8d6, 0x8}}, @IFLA_VF_RSS_QUERY_EN={0x0, 0x7, {0x8, 0x6}}, @IFLA_VF_SPOOFCHK={0x0, 0x4, {0x3, 0x415}}]}]}, @IFLA_LINK_NETNSID={0x0, 0x25, 0x3}, @IFLA_CARRIER_CHANGES={0x0, 0x23, 0x1}, @IFLA_LINKINFO={0x0, 0x12, @ip6gre={{0x0, 0x1, 'ip6gre\x00'}, {0x0, 0x2, [@IFLA_GRE_REMOTE={0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4080042}, 0x1051) 18:45:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad030000], 0x0, 0x7, 0x2}) 18:45:33 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000000), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x12fa88) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = fcntl$dupfd(r2, 0x0, r2) bind$bt_rfcomm(r3, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) r4 = getpid() tkill(r4, 0x9) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f00000002c0)={{0x6, 0x4, 0x75f, 0x6, '\x00', 0xffff}, 0x5, 0x10000000, 0x8, r4, 0x3, 0x5767, 'syz0\x00', &(0x7f0000000040)=['system-$[&](\x00', 'posix_acl_accesseth1\x00', 'cgroupkeyring-[%#(self!\x00'], 0x3a, [], [0x0, 0x2, 0x7, 0x5]}) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000180), 0x4) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) wait4(r1, 0x0, 0x60000002, 0x0) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') ioctl$sock_bt_bnep_BNEPGETCONNINFO(r5, 0x800442d3, &(0x7f0000000080)={0x7, 0x8f37, 0xbb8e, @broadcast, 'gre0\x00'}) 18:45:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad030000], 0x0, 0x7, 0x2}) 18:45:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040)=ANY=[@ANYBLOB="090000000000000001bdf589dc0000009200000000000000", @ANYPTR, @ANYBLOB="000000000000000002000000000000001a", @ANYBLOB="b0f57486f6b158256077a2f8a803404e00ad64e0f97b7c1a0c6b935efee57dd98b36e46dcbf540b49e19ef31405a93f002a3ee426dfffc0b3d55b35d4cbe4fc4a78950d83c1b0837ec8e0be854b240d9519882326614053e2140ba4da70e60bff1226327fed3855e0e3d414bb4fa40586d415d415067cbf661f7157082b1b8c3373d47bfb40bcf23dcaec6c9aef6cb2aca427ec41d75471b8768e45024d57805765f400d42", @ANYBLOB]) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000140), &(0x7f0000000180)=0x4) 18:45:34 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x400000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x82829c97686a4ed2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x80) ioctl$EVIOCGID(r4, 0x80084502, &(0x7f0000000100)=""/142) flistxattr(r4, &(0x7f00000001c0)=""/12, 0xc) write(r3, &(0x7f00000001c0), 0xfffffef3) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = fcntl$dupfd(r5, 0x0, r5) bind$bt_rfcomm(r6, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$MON_IOCH_MFLUSH(r6, 0x9208, 0x3ec5) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 18:45:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad030000], 0x0, 0x7, 0x2}) 18:45:34 executing program 4: socket$unix(0x1, 0x2, 0x0) socketpair(0x2000000000000001, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8932, &(0x7f0000000340)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x23}, 0x8) r2 = socket$key(0xf, 0x3, 0x2) r3 = accept4$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, &(0x7f00000000c0)=0x1c, 0x800) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000100)) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="cf03c8000200e4a8d8795f63d2121a15"], 0x10}}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = fcntl$dupfd(r4, 0x0, r4) syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x0, 0x2) bind$bt_rfcomm(r5, &(0x7f0000000000)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000002480)=ANY=[@ANYBLOB="05000000000000000450100000000000b200000000000000", @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/178], @ANYBLOB="00000000000000000050000000000000cb00000000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/203], @ANYBLOB="000000000000000001000000000000003600000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="00000000c839f20800000040000000019ea9476bff97aae1fa219c809f510000000800e7"], @ANYBLOB="000000000000000004000000000000000010000000000000", @ANYPTR=&(0x7f0000000480)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000100000000000010000000000000", @ANYPTR=&(0x7f0000001480)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']) 18:45:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@empty, @in6=@ipv4={[], [], @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000200)=0xe8) syz_mount_image$xfs(&(0x7f0000000080)='xfs\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000100)="2d9fb5857d43e38b6c42afef63272fa172607b46e182e5a0dc9779fd135bc0d2cbde912c673f1a3dbda7cb0e8dbafe5b4def5bc04bedd6e2eb8a297a73d3d47ebcec7a893fb8269fa71ad958989b43f60f3dd9058a8bf7535ea59edb2efa150ac1fd6b217a016a5ed4926930f4f71d5bb9e83e8aca61d4ee7553a04c9acdf306fd9b326c8b5f4ea7269c5b8107c0", 0x8e, 0x8}, {&(0x7f00000002c0)="c15635914360244842225108d084456c7ad569d8446c9e81d5b6991225b68a979187658eeecc31be86e4de886d929f969f0e7eff79cd0cd7588c89b6fcecf3a8dc3d23b9ab54795ddb6ea7657f978a2d53cb9ef7b769ffdb5df3641636834cbcc05d7f3211c79f2f1860d424c00bf23515cea74e0b9b758eaf70a95f64374e945e394eb4fa3738ebaa1fcebdb30e72bc31a87bc0a57b4f0ea137e3519ba393822a0d831200ebbe6c293dfd3a8cf31852c679231a29fee29f46a03d81bdb20339013f792a99c201d8cd4a1c95a8b914845ade73cd", 0xd4, 0x4}], 0x2000, &(0x7f0000000640)={[{@discard='discard'}, {@logdev={'logdev', 0x3d, './file0'}}, {@noikeep='noikeep'}, {@gqnoenforce='gqnoenforce'}, {@allocsize={'allocsize', 0x3d, [0x0, 0x37, 0x65, 0x34, 0x31, 0x32, 0x0, 0x49]}}, {@sunit={'sunit', 0x3d, 0x100}}, {@dax='dax'}, {@pquota='pquota'}, {@logbsize={'logbsize', 0x3d, [0x78]}}, {@gqnoenforce='gqnoenforce'}], [{@euid_lt={'euid<', r2}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@subj_type={'subj_type', 0x3d, 'userwlan1vmnet0-vmnet1\x16@!'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'wp384\x00'}}]}) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp384\x00'}, 0x58) r3 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000008240)=[{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000280)="e88f7b80b4b81c348d0ea33ea1a8060e7080", 0x12}, {&(0x7f0000000480)="86c5931386b72dc84bfe11bad91d1f11626b58dba25e9f579929476dccf36723afc7513e6a5637b23d8caca401e194224747cdd971cbd4dbc57d4ce93d5a905ff458b3ced14bce5980935125b9e43c87197f21d8eb48481e9464973b3bdf38fc78039847a383cf1c3654941923d27a94d472eaeae4d132ab847018a0d82ea26b79ce5cc738ba398d1dc0a2c6e72b776b", 0x90}], 0x2}], 0xa, 0x0) [ 310.739727] rcu: INFO: rcu_preempt self-detected stall on CPU [ 310.745806] rcu: 1-....: (1 GPs behind) idle=596/1/0x4000000000000004 softirq=11935/11937 fqs=5250 [ 310.755249] rcu: (t=10502 jiffies g=6725 q=1253) [ 310.760188] NMI backtrace for cpu 1 [ 310.763807] CPU: 1 PID: 7411 Comm: syz-executor.1 Not tainted 4.19.72 #0 [ 310.770625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.779963] Call Trace: [ 310.782527] [ 310.784745] dump_stack+0x172/0x1f0 [ 310.788379] nmi_cpu_backtrace.cold+0x63/0xa4 [ 310.792908] ? lapic_can_unplug_cpu.cold+0x45/0x45 [ 310.797827] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 310.803092] arch_trigger_cpumask_backtrace+0x14/0x20 [ 310.808307] rcu_dump_cpu_stacks+0x189/0x1d5 [ 310.812707] rcu_check_callbacks.cold+0x5e3/0xd90 [ 310.817553] ? trace_hardirqs_off+0x62/0x220 [ 310.821972] update_process_times+0x32/0x80 [ 310.826295] tick_sched_handle+0xa2/0x190 [ 310.830430] tick_sched_timer+0x47/0x130 [ 310.834480] __hrtimer_run_queues+0x33b/0xdc0 [ 310.838961] ? tick_sched_do_timer+0x1b0/0x1b0 [ 310.843531] ? hrtimer_fixup_activate+0x30/0x30 [ 310.848205] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 310.853207] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 310.858560] hrtimer_interrupt+0x314/0x770 [ 310.862798] smp_apic_timer_interrupt+0x111/0x550 [ 310.867640] apic_timer_interrupt+0xf/0x20 [ 310.871908] RIP: 0010:hhf_dequeue+0x5cc/0xa00 [ 310.876391] Code: 89 73 10 e8 56 47 97 fd 31 ff 41 89 c6 89 c6 e8 ea d9 dc fb 45 84 f6 74 63 e8 a0 d8 dc fb 48 89 d8 48 c1 e8 03 42 80 3c 20 00 <0f> 85 e6 03 00 00 48 8d 7b 08 4c 8b 3b 48 89 fa 48 c1 ea 03 42 80 [ 310.895273] RSP: 0018:ffff8880ae907548 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 310.902968] RAX: 1ffff11014aa3e97 RBX: ffff8880a551f4b8 RCX: ffffffff858e7de6 [ 310.910231] RDX: 0000000000000100 RSI: ffffffff858e7df0 RDI: 0000000000000001 [ 310.917484] RBP: ffff8880ae907598 R08: ffff888082a36580 R09: 0000000000000007 [ 310.924737] R10: ffff888082a36f18 R11: 0000000041d196ec R12: dffffc0000000000 [ 310.931992] R13: ffff8880a551f200 R14: 0000000000000001 R15: 0000000000000000 [ 310.939253] ? apic_timer_interrupt+0xa/0x20 [ 310.943652] ? hhf_dequeue+0x5b6/0xa00 [ 310.947612] ? hhf_dequeue+0x5c0/0xa00 [ 310.951486] ? hhf_dequeue+0x5c0/0xa00 [ 310.955407] __qdisc_run+0x1e7/0x1960 [ 310.959241] __dev_queue_xmit+0x165c/0x2fe0 [ 310.963564] ? mark_held_locks+0xb1/0x100 [ 310.967703] ? netdev_pick_tx+0x300/0x300 [ 310.971855] ? __neigh_create+0x121c/0x1cc0 [ 310.976198] ? __local_bh_enable_ip+0x15a/0x270 [ 310.980860] ? _raw_write_unlock_bh+0x31/0x40 [ 310.985338] ? __neigh_create+0xbb7/0x1cc0 [ 310.989565] dev_queue_xmit+0x18/0x20 [ 310.993349] ? dev_queue_xmit+0x18/0x20 [ 310.997317] neigh_direct_output+0x16/0x20 [ 311.001590] ip6_finish_output2+0xb7f/0x2550 [ 311.005989] ? ip6_forward_finish+0x4d0/0x4d0 [ 311.010484] ? lock_downgrade+0x810/0x810 [ 311.014636] ? kasan_check_read+0x11/0x20 [ 311.018779] ip6_finish_output+0x574/0xbe0 [ 311.023003] ? ip6_finish_output+0x574/0xbe0 [ 311.027399] ip6_output+0x235/0x7c0 [ 311.031013] ? ip6_finish_output+0xbe0/0xbe0 [ 311.035411] ? ip6_fragment+0x3770/0x3770 [ 311.039571] ndisc_send_skb+0xf3b/0x1460 [ 311.043624] ? nf_hook.constprop.0+0x560/0x560 [ 311.048197] ? memset+0x32/0x40 [ 311.051466] ndisc_send_rs+0x134/0x6d0 [ 311.055340] addrconf_rs_timer+0x30f/0x680 [ 311.059563] ? ipv6_get_lladdr+0x490/0x490 [ 311.063789] call_timer_fn+0x18d/0x720 [ 311.067664] ? ipv6_get_lladdr+0x490/0x490 [ 311.071883] ? process_timeout+0x40/0x40 [ 311.075927] ? run_timer_softirq+0x647/0x1700 [ 311.080409] ? trace_hardirqs_on+0x67/0x220 [ 311.084715] ? kasan_check_read+0x11/0x20 [ 311.088852] ? ipv6_get_lladdr+0x490/0x490 [ 311.093072] run_timer_softirq+0x652/0x1700 [ 311.097384] ? add_timer+0xbe0/0xbe0 [ 311.101127] ? __lock_is_held+0xb6/0x140 [ 311.105182] __do_softirq+0x25c/0x921 [ 311.108968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.114488] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 311.120020] irq_exit+0x180/0x1d0 [ 311.123458] smp_apic_timer_interrupt+0x13b/0x550 [ 311.128299] apic_timer_interrupt+0xf/0x20 [ 311.132514] [ 311.134735] RIP: 0010:lock_acquire+0x1ea/0x3f0 [ 311.139304] Code: 7c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 c4 01 00 00 48 83 3d 0a b3 1f 07 00 0f 84 38 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b [ 311.158187] RSP: 0018:ffff88808574fc28 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 311.165891] RAX: 1ffffffff10e48c1 RBX: ffff888082a36580 RCX: 0000000033507838 [ 311.173145] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000282 [ 311.180397] RBP: ffff88808574fc70 R08: 0000000000000000 R09: 0000000000000001 [ 311.187650] R10: ffff888082a36e28 R11: 0000000064081dcd R12: ffffffff8879f320 [ 311.194904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 311.202223] netlink_has_listeners+0x9d/0x3d0 [ 311.206704] ? netlink_has_listeners+0x6e/0x3d0 [ 311.211399] ? release_sock+0x156/0x1c0 [ 311.215365] __sk_free+0x1fb/0x300 [ 311.218897] sk_free+0x42/0x50 [ 311.222097] tcp_close+0xbbd/0x10c0 [ 311.225729] ? ip_mc_drop_socket+0x20c/0x270 [ 311.230144] inet_release+0xff/0x1e0 [ 311.233867] __sock_release+0xce/0x2a0 [ 311.237742] ? __sock_release+0x2a0/0x2a0 [ 311.241885] sock_close+0x1b/0x30 [ 311.245358] __fput+0x2dd/0x8b0 [ 311.248627] ____fput+0x16/0x20 [ 311.251935] task_work_run+0x145/0x1c0 [ 311.255835] exit_to_usermode_loop+0x273/0x2c0 [ 311.260403] do_syscall_64+0x53d/0x620 [ 311.264281] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.269454] RIP: 0033:0x4135b0 [ 311.272633] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 2c 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff [ 311.291517] RSP: 002b:00007ffc3efb1b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 311.299219] RAX: 0000000000000000 RBX: 00007ffc3efb1b70 RCX: 00000000004135b0 [ 311.306473] RDX: 00000000000000e0 RSI: 00007ffc3efb1f10 RDI: 0000000000000003 [ 311.313729] RBP: 0000000000714e80 R08: 0000000000006000 R09: 0000000000004000 [ 311.320981] R10: 00007ffc3efb1c70 R11: 0000000000000246 R12: 0000000000000003 [ 311.328249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000714e80