[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 68.276419][ T27] audit: type=1800 audit(1576890612.796:25): pid=9195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 68.296180][ T27] audit: type=1800 audit(1576890612.806:26): pid=9195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 68.342988][ T27] audit: type=1800 audit(1576890612.806:27): pid=9195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts. 2019/12/21 01:10:23 fuzzer started 2019/12/21 01:10:25 dialing manager at 10.128.0.26:41433 2019/12/21 01:10:25 syscalls: 2705 2019/12/21 01:10:25 code coverage: enabled 2019/12/21 01:10:25 comparison tracing: enabled 2019/12/21 01:10:25 extra coverage: enabled 2019/12/21 01:10:25 setuid sandbox: enabled 2019/12/21 01:10:25 namespace sandbox: enabled 2019/12/21 01:10:25 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/21 01:10:25 fault injection: enabled 2019/12/21 01:10:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/21 01:10:25 net packet injection: enabled 2019/12/21 01:10:25 net device setup: enabled 2019/12/21 01:10:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/21 01:10:25 devlink PCI setup: PCI device 0000:00:10.0 is not available 01:12:43 executing program 0: semget$private(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) write$FUSE_GETXATTR(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00') 01:12:43 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") unshare(0x2a000400) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr="d838ed6e052b6211218092bbe1933bfd"}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x83, &(0x7f00000001c0)={r3}, 0x8) syzkaller login: [ 218.884960][ T9360] IPVS: ftp: loaded support on port[0] = 21 [ 219.094639][ T9360] chnl_net:caif_netlink_parms(): no params data found [ 219.118140][ T9363] IPVS: ftp: loaded support on port[0] = 21 01:12:43 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x36, 0x0, &(0x7f0000000200)="5c71f905cac413551b2ac06c86dd586452e0923f348d08fc8548ed9dec61459190b6f1400ab7250e3e16dd6e85620c298ed7749b9afa", 0x0, 0x4000}, 0x28) [ 219.191000][ T9360] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.200615][ T9360] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.208760][ T9360] device bridge_slave_0 entered promiscuous mode [ 219.234747][ T9360] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.243491][ T9360] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.251965][ T9360] device bridge_slave_1 entered promiscuous mode [ 219.304783][ T9360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.327547][ T9360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.394968][ T9360] team0: Port device team_slave_0 added [ 219.402082][ T9363] chnl_net:caif_netlink_parms(): no params data found [ 219.447555][ T9360] team0: Port device team_slave_1 added 01:12:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r6, &(0x7f0000000000)=""/46, 0x15092e2a1832a052) write$ppp(r6, &(0x7f00000002c0)="03c2cc8c4f31b6753d4ec731c64945e0246542ab60f20678de1f60aadcfe86038cf01cab8c10bc3210758578bf31eeecfdbd03a8773136a4ebb22452c195a3df8b986a2b120238598748584f649ffe7dab4e48aff95cfa133be092ee2353f6ce4c8afb5a78ac864e9b6ae1f4e17e6bbce5df4317e42b27e467687d3e3e2878cb8795af3120e4ef05598ca335880611775b636aa885f37d049c4efdddc1b2730eef3a0616a6e8ece67db69eef73915a9efcb415d55138d769b01e313be76bd08382683f6405354943c224bcb5b8333e7b54b8", 0xd2) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfffffd93}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0xfffffffffffffffc}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xc0, 0x1) getdents(0xffffffffffffffff, &(0x7f00000001c0)=""/121, 0x79) getdents(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003f00)=[{{&(0x7f0000000500)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/191, 0xbf}, {&(0x7f0000000640)=""/104, 0x68}, {&(0x7f0000000880)=""/200, 0x21}], 0x3}, 0x400}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000006c0)=""/220, 0xdc}, {&(0x7f0000000100)=""/12, 0xc}, {&(0x7f0000000480)=""/75, 0x4b}, {&(0x7f00000040c0)=""/4096, 0x1000}, {&(0x7f0000000a80)=""/224, 0xd0}], 0x5, &(0x7f0000000e00)=""/185, 0xb9}, 0x1}, {{&(0x7f0000000bc0)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000001040)=[{&(0x7f0000000ec0)=""/43, 0x2b}, {0x0}, {&(0x7f0000001000)}], 0x3, &(0x7f0000001080)=""/179, 0xb3}}, {{&(0x7f0000001140)=@can={0x1d, 0x0}, 0x80, &(0x7f0000001480)=[{0x0}, {&(0x7f0000001680)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/134, 0x86}], 0x3, &(0x7f00000014c0)=""/83, 0x53}, 0x6}, {{0x0, 0x0, &(0x7f0000001600)=[{0x0}, {&(0x7f0000002680)=""/221, 0xdd}, {&(0x7f0000002940)=""/4096, 0x1000}, {&(0x7f0000002780)=""/87, 0x57}], 0x4, &(0x7f000001d080)=""/102400, 0x19000}}, {{&(0x7f0000002840)=@tipc, 0x80, &(0x7f0000003e40)=[{&(0x7f00000003c0)=""/192, 0xc0}, {0x0}, {&(0x7f0000003b40)=""/223, 0xdf}, {&(0x7f0000003c40)=""/149, 0x95}, {&(0x7f0000003d00)=""/49, 0x31}, {&(0x7f0000003d40)=""/211, 0xd3}], 0x6}, 0x49}], 0x6, 0x40000000, &(0x7f0000004080)) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r8, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback, r7}, 0xc) socketpair$unix(0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) [ 219.542461][ T9360] device hsr_slave_0 entered promiscuous mode [ 219.579733][ T9360] device hsr_slave_1 entered promiscuous mode [ 219.630023][ T9363] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.637239][ T9363] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.660484][ T9363] device bridge_slave_0 entered promiscuous mode [ 219.688680][ T9366] IPVS: ftp: loaded support on port[0] = 21 [ 219.712949][ T9363] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.720684][ T9363] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.728816][ T9363] device bridge_slave_1 entered promiscuous mode [ 219.778116][ T9368] IPVS: ftp: loaded support on port[0] = 21 [ 219.802227][ T9360] netdevsim netdevsim0 netdevsim0: renamed from eth0 01:12:44 executing program 4: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=ANY=[@ANYBLOB="02090000020000000061bf74643ebf80395a6bf20aa73dc38e1875673422335d125f739d7de461f3d52ee905e9f4d0c4a9482ac0c6c608858cb5d0fff720cd52833214ad64421b590b719093ec676200b7f81b559bd6773650416a24746108a7640ef8863b8735fd55248afa7ad9aea09e4d666fd0b87338282c809c2f3182ae2803064eafb87f565e420ef84c2b2e8bc328a778345f00c78e4292f9732d1f0af7f87fe42a1094b5ea0783a0d44a18a8d8066d808f10e8db2458d6d3a66497c6d4525626257cfb5daea35cc56c781dd8871f0a5ea808d58c52ebfc178ea22cdc6b338c0787a0d1de38c8a774732843eb517d9b4f3b58823c6266bffec1ac192a88a78a1a42f50573411a98fee12e5f944cc5ef4790605c7933b2b9c4a2bbfeee22a62b1326224d07a31b3a375e1e85e0f270d265849d37c18ad32436087b4bd429b2050aa869afbdf2e18f34e0d0baa1b9bd6129d2104a378b831b5970f8616403c527c761478650ff6088c136b98b5d44ef619745984cc76a34409b90cca6fa1ca888da1e12805894c163ad3aa25e1770a4f5d7d533fa3193489b3c270f9544958c81adcfa70e57a300000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="020700000200000000000000000000001f9e61bd01c4609f5c2d4392553faa8f3040127683332f5eddb2025f3e70885d6a259406bc58865711b26acd041e4dccd4477c9d52c9b479ca95e4f655d6cbdbdd030000000000e2c5f951000009cb9ce5b71340440cac1eadb93def086f7bc8641de0993e1e81763a490220d191c7c81c76bc0100008000000000be0058cbede4dab0cd68e9ade41ffecabea82f21eb3fabe759967b2bbd1565162c6c9d02196c003aaabc61b3960700000000000100641b038030587a48bdfa0b80b55b4851da5df198e82294c14fe0127a118c956837c585785cdebac18a0dca000000000000000000000000ae448e113b3098aa2e4af1a59d8458dd9c450ffb04871435424e98c6f92e7c379e4b19e0a5144c07db14061bfe049a4538b09b2b7e57a6e45b9c9de85dc89729e63fd60510382cd4ee25df41afd2"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={0x2, 0x2, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 219.905034][ T9360] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 219.965843][ T9363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.991922][ T9363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.013181][ T9360] netdevsim netdevsim0 netdevsim2: renamed from eth2 01:12:44 executing program 5: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x80006, 0x0) write$uinput_user_dev(r0, &(0x7f0000000140)={'\ayz0\x05\xf0\x00\x00\x00\x80\xff\xff\xff\f\x00\x00\xfe\xff\xff\xff\x05\xff\xff\xff\x92\xc0\x00\x00\x05\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff]}, 0x45c) [ 220.082094][ T9360] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 220.187045][ T9370] IPVS: ftp: loaded support on port[0] = 21 [ 220.221736][ T9363] team0: Port device team_slave_0 added [ 220.245393][ T9363] team0: Port device team_slave_1 added [ 220.361510][ T9363] device hsr_slave_0 entered promiscuous mode [ 220.419979][ T9363] device hsr_slave_1 entered promiscuous mode [ 220.459517][ T9363] debugfs: Directory 'hsr0' with parent '/' already present! [ 220.501916][ T9373] IPVS: ftp: loaded support on port[0] = 21 [ 220.569523][ T9368] chnl_net:caif_netlink_parms(): no params data found [ 220.682872][ T9368] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.690422][ T9368] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.698067][ T9368] device bridge_slave_0 entered promiscuous mode [ 220.708208][ T9368] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.715786][ T9368] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.723642][ T9368] device bridge_slave_1 entered promiscuous mode [ 220.745099][ T9366] chnl_net:caif_netlink_parms(): no params data found [ 220.784761][ T9363] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 220.834563][ T9363] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 220.892248][ T9363] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 220.949735][ T9368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.964328][ T9368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.001183][ T9363] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 221.041779][ T9366] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.048920][ T9366] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.057083][ T9366] device bridge_slave_0 entered promiscuous mode [ 221.083081][ T9368] team0: Port device team_slave_0 added [ 221.107640][ T9366] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.115755][ T9366] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.124989][ T9366] device bridge_slave_1 entered promiscuous mode [ 221.139559][ T9368] team0: Port device team_slave_1 added [ 221.165854][ T9366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.178747][ T9370] chnl_net:caif_netlink_parms(): no params data found [ 221.203420][ T9366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.239565][ T9360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.291486][ T9368] device hsr_slave_0 entered promiscuous mode [ 221.339953][ T9368] device hsr_slave_1 entered promiscuous mode [ 221.399542][ T9368] debugfs: Directory 'hsr0' with parent '/' already present! [ 221.467412][ T9366] team0: Port device team_slave_0 added [ 221.476024][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.483246][ T9370] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.491534][ T9370] device bridge_slave_0 entered promiscuous mode [ 221.499914][ T9370] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.506983][ T9370] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.514945][ T9370] device bridge_slave_1 entered promiscuous mode [ 221.529801][ T9366] team0: Port device team_slave_1 added [ 221.577395][ T9370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.593432][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.602207][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.618122][ T9368] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.678944][ T9370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.691522][ T9360] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.712465][ T9368] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.777324][ T9368] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.835370][ T9368] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 221.908847][ T9370] team0: Port device team_slave_0 added [ 221.962963][ T9366] device hsr_slave_0 entered promiscuous mode [ 222.009880][ T9366] device hsr_slave_1 entered promiscuous mode [ 222.049536][ T9366] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.064436][ T9373] chnl_net:caif_netlink_parms(): no params data found [ 222.100562][ T9370] team0: Port device team_slave_1 added [ 222.130809][ T9373] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.137942][ T9373] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.148919][ T9373] device bridge_slave_0 entered promiscuous mode [ 222.165657][ T9373] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.181433][ T9373] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.189173][ T9373] device bridge_slave_1 entered promiscuous mode [ 222.198979][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.208346][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.217632][ T3044] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.224838][ T3044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.235135][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.252792][ T9366] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 222.312070][ T9366] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 222.356380][ T9366] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 222.416033][ T9366] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 222.480575][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.489179][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.498175][ T3044] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.505265][ T3044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.512976][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.522588][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.531352][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.540374][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.549442][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.596221][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.607240][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.616200][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.624716][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.634790][ T9373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 222.702790][ T9370] device hsr_slave_0 entered promiscuous mode [ 222.770661][ T9370] device hsr_slave_1 entered promiscuous mode [ 222.819645][ T9370] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.847601][ T9360] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.866122][ T9360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 222.877064][ T9373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 222.902883][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.911515][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.963935][ T9363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.988378][ T9373] team0: Port device team_slave_0 added [ 222.998825][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.006611][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.026173][ T9360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.045090][ T9373] team0: Port device team_slave_1 added [ 223.080927][ T9370] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 223.102794][ T9370] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 223.154217][ T9370] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 223.215606][ T9363] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.224104][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.232099][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.285199][ T9370] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 223.318522][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.364341][ T9368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.374260][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.387458][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.396443][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.404967][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.412039][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.420794][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.429665][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.438072][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.445191][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.453955][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.521705][ T9373] device hsr_slave_0 entered promiscuous mode [ 223.549888][ T9373] device hsr_slave_1 entered promiscuous mode [ 223.589633][ T9373] debugfs: Directory 'hsr0' with parent '/' already present! [ 223.611836][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.621656][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.636917][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.646479][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.673226][ T9366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.681098][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.694594][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.711085][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.723468][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.732097][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.740052][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.747755][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.758308][ T9368] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.777591][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.787766][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.807943][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.818778][ T9382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.852996][ T9373] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 223.902639][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.915158][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.923473][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.932501][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.941185][ T2736] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.948284][ T2736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.956183][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.965138][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.988756][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.996964][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.010024][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.018819][ T2736] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.025912][ T2736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.034256][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.042581][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.050976][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.060297][ T9373] netdevsim netdevsim5 netdevsim1: renamed from eth1 01:12:48 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x80006, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$uinput_user_dev(r0, &(0x7f0000000140)={'\ayz0\x05\xf0\x00\x00\x00\x80\xff\xff\xff\t\x00\x00\xfe\xff\xff\xff\x05\xff\xff\xff\x92\xc0\x00\x00\x05\x00'}, 0x45c) [ 224.115689][ T9366] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.128811][ T9363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.141427][ T9363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.157436][ T9373] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 224.201285][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.216441][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.224950][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:12:48 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x1200, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002c008151e00f80ecdb4cb904014865160b00010009410000000c00180e00060000000001000000000300", 0x2e}], 0x1}, 0x0) [ 224.259087][ T9373] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 224.309717][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.318823][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.329622][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.336689][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.345637][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.354358][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.363168][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.372155][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.380789][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.387911][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.395622][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.405285][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.413835][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 01:12:49 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/sockstat6\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f00000001c0)=""/4096, 0x141b}], 0x1) [ 224.460539][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.476663][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.502465][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.523042][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.540148][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:12:49 executing program 0: unshare(0x2a000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000080), &(0x7f0000000140)=0x4) [ 224.548991][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.566184][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.575699][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.584818][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.602074][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 224.625273][ T9370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.653637][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.665227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.674414][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.682642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.690573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.698840][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.708109][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.716453][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.730903][ T9363] 8021q: adding VLAN 0 to HW filter on device batadv0 01:12:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 224.759896][ T9368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.770312][ T9366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.786557][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.798899][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.842698][ T9370] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.911381][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.918869][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.973461][ T9368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.006157][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 225.015993][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 01:12:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 225.029150][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.055943][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.082891][ T9388] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.090091][ T9388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.097910][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.106833][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.115419][ T9388] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.122492][ T9388] bridge0: port 2(bridge_slave_1) entered forwarding state 01:12:49 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") unshare(0x2a000400) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr="d838ed6e052b6211218092bbe1933bfd"}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x83, &(0x7f00000001c0)={r3}, 0x8) [ 225.131205][ T9388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.165552][ T9366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.197619][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.207560][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.252643][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.275062][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.284441][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.300977][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.328568][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 01:12:49 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 225.385953][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.413902][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.468626][ T9411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.481727][ T9423] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 225.486061][ T9411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.523601][ T9370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 225.592735][ T9373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.663741][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.696535][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.730463][ T9373] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.738546][ C1] hrtimer: interrupt took 37954 ns 01:12:50 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x1200, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002c008151e00f80ecdb4cb904014865160b00010003410000000c00180e00060000000001000000000300", 0x2e}], 0x1}, 0x0) [ 225.813338][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 225.827630][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 225.846443][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.857640][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.866479][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.873596][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.905148][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.924686][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.948606][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.955774][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.966909][ T9376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.987657][ T9370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.995678][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 226.018302][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 226.057664][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.080267][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.088907][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.098365][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.107182][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 226.118946][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 226.134035][ T3044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 226.157139][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 226.165892][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 226.186008][ T9373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 226.216711][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 226.232254][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 01:12:50 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001cc0), 0x1006) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r4]}, 0x1) [ 226.258588][ T9373] 8021q: adding VLAN 0 to HW filter on device batadv0 01:12:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x3, 0x2) semget$private(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) write$FUSE_GETXATTR(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00') msgctl$IPC_SET(0x0, 0x1, 0x0) 01:12:51 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) 01:12:51 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:51 executing program 2: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = io_uring_setup(0xd, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1) r1 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r1]}, 0x1) 01:12:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001cc0), 0x1006) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r4]}, 0x1) 01:12:51 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}]}, &(0x7f0000000180)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, r2}, 0x10) 01:12:51 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) 01:12:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f0000002ec0)={'3! ', './file0'}, 0x3138) 01:12:51 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001cc0), 0x1006) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r4]}, 0x1) 01:12:51 executing program 2: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x20}, {0x6}]}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002000)={&(0x7f0000000f40)=@ll={0x11, 0x0, 0x0}, 0x80, &(0x7f0000001fc0)}, 0x2080) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000040)=r1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x20}, {0x6}]}) r3 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r3, 0x0, 0x8000) 01:12:52 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) [ 227.764489][ T9586] ceph: No path or : separator in source [ 227.815665][ T9591] ceph: No path or : separator in source 01:12:52 executing program 4: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x1200, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002c008151e00f80ecdb4cb904014865160b0001000b80ffff000c00180e00060000000001000000000300", 0x2e}], 0x1}, 0x0) 01:12:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:52 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') readv(r0, &(0x7f00000022c0)=[{&(0x7f0000002200)=""/171, 0x312}], 0x1000000000000248) 01:12:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001cc0), 0x1006) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r4]}, 0x1) 01:12:52 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:52 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000180)={@ipv4={[], [], @broadcast}, 0x45}) setsockopt$inet6_udp_int(r0, 0x11, 0x65, 0x0, 0x0) sendfile(r0, r1, 0x0, 0xa808) [ 228.081845][ T9602] ceph: No path or : separator in source 01:12:52 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) [ 228.197052][ T9614] ceph: No path or : separator in source 01:12:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[r4]}, 0x1) 01:12:52 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 228.407947][ T9625] ceph: No path or : separator in source 01:12:53 executing program 4: rt_sigaction(0x12, &(0x7f00000000c0)={0x0, {}, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000200)) 01:12:53 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:53 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:53 executing program 2: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x400007) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x20}, {0x6}]}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002000)={&(0x7f0000000f40)=@ll={0x11, 0x0, 0x0}, 0x80, &(0x7f0000001fc0)}, 0x2080) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000040)=r1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x20}, {0x6}]}) r3 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r3, 0x0, 0x8000) 01:12:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:53 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = io_uring_setup(0xd, &(0x7f0000000000)) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[r1], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, 0x0, 0x0) [ 228.766094][ T9645] ceph: No path or : separator in source 01:12:53 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:53 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f0000000100)) 01:12:53 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 228.982773][ T9672] ceph: No path or : separator in source 01:12:53 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:53 executing program 1: r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x62, 0x40000001, r1, 0x0) 01:12:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[r3], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:53 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x89fc, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!\x10\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\f@'}) [ 229.214493][ T9684] ceph: No path or : separator in source 01:12:53 executing program 5: clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:53 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") unshare(0x2a000400) listen(0xffffffffffffffff, 0x0) 01:12:54 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000080)={@link_local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "50a005", 0x8, 0x0, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 01:12:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:54 executing program 5: clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:54 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) recvmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffd51, &(0x7f0000003500)=[{&(0x7f0000000380)=""/170, 0xaa}], 0x1}, 0x0) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0xf9}}, {{0x0, 0x0, &(0x7f0000000180), 0x361, &(0x7f00000001c0)}}], 0x480, 0x0) 01:12:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:54 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x3, 0x2) semget$private(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) write$FUSE_GETXATTR(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) msgctl$IPC_SET(0x0, 0x1, 0x0) 01:12:54 executing program 5: clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:54 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:54 executing program 5: mknod$loop(0x0, 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:54 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x80006, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$uinput_user_dev(r0, &(0x7f0000000140)={'\ayz0\x05\xf0\x00\x00\x00\x80\xff\xff\xff\v\x00\x00\xfe\xff\xff\xff\x05\xff\xff\xff\x92\xc0\x00\x00\x05\x00'}, 0x45c) [ 229.811244][ T9726] __nla_validate_parse: 44 callbacks suppressed [ 229.811255][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 229.845981][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 229.867000][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 229.933208][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 229.994818][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 01:12:54 executing program 5: mknod$loop(0x0, 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) [ 230.056927][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 230.068229][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 230.078022][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 230.087967][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 01:12:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:54 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f0000000000)={0x0, "dd50c14a2c6ea38c9704c903f815daab49408bed60a07693274efbce40053f19"}) [ 230.104769][ T9726] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 01:12:54 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:54 executing program 5: mknod$loop(0x0, 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:54 executing program 1: r0 = eventfd2(0x0, 0x0) r1 = dup(r0) read$FUSE(r1, &(0x7f0000000280), 0x1000) r2 = dup(0xffffffffffffffff) read$FUSE(r2, &(0x7f0000000280), 0x1000) r3 = open(&(0x7f0000000140)='./file0\x00', 0x20141042, 0x0) write$selinux_attr(r3, &(0x7f0000000180)='system_u:object_r:hugetlbfs_t:s0\x00', 0x5571) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xfffffffe, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x252a, 0xfb, 0x18977, [], [{}, {0x801, 0x0, 0x80000001}]}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000580)={0x7b, 0x0, [0x0, 0x0, 0x0, 0x1]}) ioctl$RTC_PIE_ON(r5, 0x7005) lsetxattr$smack_xattr_label(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000002780)=ANY=[@ANYBLOB], 0x1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sendfile(r2, r3, &(0x7f0000000080), 0x2008000fffffffe) 01:12:54 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000012000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}, 0x8}, 0x1c) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7, 0x3f}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:12:54 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:55 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:55 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:55 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) [ 230.682645][ T9806] ceph: No path or : separator in source [ 230.729666][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 230.735689][ C1] protocol 88fb is buggy, dev hsr_slave_1 01:12:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unlinkat(0xffffffffffffffff, 0x0, 0x0) 01:12:55 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:55 executing program 0: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 230.944529][ T9816] ceph: No path or : separator in source 01:12:55 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e000000130081c5e4050cecdb4cb9040a485e434000000000ffffffe08ef9000600b0ebb06ac40006001400e04e", 0x2e}], 0x1, 0x0, 0x0, 0xe00}, 0x0) 01:12:55 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 01:12:55 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:56 executing program 0: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:56 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = io_uring_setup(0xd, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:56 executing program 0: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) [ 231.558126][ T9850] ceph: No path or : separator in source 01:12:56 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:56 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[r2], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:56 executing program 1: bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!\x10\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\f@'}) [ 231.818581][ T9869] ceph: No source 01:12:56 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:56 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) [ 231.915987][ T9877] bond0: mtu greater than device maximum [ 232.053945][ T9885] ceph: No source 01:12:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[r2], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:56 executing program 0: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:56 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:56 executing program 1: set_mempolicy(0x1, &(0x7f0000000140)=0xfe07, 0x80) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet(0x2, 0x4040000000000001, 0x0) bind$inet(r1, &(0x7f0000001280)={0x2, 0x8000004e23, @multicast2}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007f9, &(0x7f0000000080)={0x2, 0x200000004e23, @loopback}, 0x10) sendto(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0x0, 0x0, 0x24b) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 01:12:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 01:12:56 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, 0xffffffffffffffff, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) [ 232.349297][ T9903] ceph: No source 01:12:56 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:56 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, 0xffffffffffffffff, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[r2], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:57 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:57 executing program 0: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:57 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, 0xffffffffffffffff, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = io_uring_setup(0xd, &(0x7f0000000000)) r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000180)=[r2], 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0xffffffffffffffff]}, 0x1) 01:12:57 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000001c0)='ceph\x00', 0x0, 0x0) 01:12:57 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) [ 233.054807][ T12] ================================================================== [ 233.063101][ T12] BUG: KASAN: use-after-free in io_wq_flush+0x1f7/0x210 [ 233.070055][ T12] Read of size 8 at addr ffff8880a8453d00 by task kworker/0:1/12 [ 233.077774][ T12] [ 233.080646][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.5.0-rc2-next-20191220-syzkaller #0 [ 233.090017][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.100095][ T12] Workqueue: events io_ring_file_ref_switch [ 233.106006][ T12] Call Trace: [ 233.109308][ T12] dump_stack+0x197/0x210 [ 233.113655][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.118269][ T12] print_address_description.constprop.0.cold+0xd4/0x30b [ 233.125307][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.129911][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.134515][ T12] __kasan_report.cold+0x1b/0x41 [ 233.139465][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.144065][ T12] kasan_report+0x12/0x20 [ 233.148414][ T12] __asan_report_load8_noabort+0x14/0x20 [ 233.154055][ T12] io_wq_flush+0x1f7/0x210 [ 233.158482][ T12] ? io_wq_cancel_work+0x600/0x600 [ 233.163602][ T12] ? unix_notinflight+0x131/0x2e0 [ 233.168624][ T12] ? io_work_cancel+0x1a0/0x1a0 [ 233.173485][ T12] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 233.180082][ T12] ? io_ring_file_ref_switch+0x68a/0xac0 [ 233.185725][ T12] io_destruct_skb+0x8e/0xc0 [ 233.190318][ T12] ? io_openat_prep+0x3c0/0x3c0 [ 233.195177][ T12] skb_release_head_state+0xeb/0x260 [ 233.200474][ T12] skb_release_all+0x16/0x60 [ 233.205072][ T12] kfree_skb+0x101/0x420 [ 233.209331][ T12] io_ring_file_ref_switch+0x68a/0xac0 [ 233.214815][ T12] ? io_get_work+0xb0/0xb0 [ 233.219252][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 233.224796][ T12] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 233.230777][ T12] ? trace_hardirqs_on+0x67/0x240 [ 233.235807][ T12] process_one_work+0x9af/0x1740 [ 233.235841][ T12] ? pwq_dec_nr_in_flight+0x320/0x320 [ 233.235853][ T12] ? lock_acquire+0x190/0x410 [ 233.246331][ T12] worker_thread+0x98/0xe40 [ 233.246350][ T12] ? trace_hardirqs_on+0x67/0x240 [ 233.246375][ T12] kthread+0x361/0x430 [ 233.255546][ T12] ? process_one_work+0x1740/0x1740 [ 233.255561][ T12] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 233.255580][ T12] ret_from_fork+0x24/0x30 [ 233.264652][ T12] [ 233.264660][ T12] Allocated by task 9937: [ 233.264675][ T12] save_stack+0x23/0x90 [ 233.264693][ T12] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 233.296382][ T12] kasan_kmalloc+0x9/0x10 [ 233.300718][ T12] kmem_cache_alloc_trace+0x158/0x790 [ 233.306097][ T12] io_wq_create+0x52/0xa40 [ 233.310520][ T12] io_uring_setup+0xf4a/0x2080 [ 233.315293][ T12] __x64_sys_io_uring_setup+0x54/0x80 [ 233.320703][ T12] do_syscall_64+0xfa/0x790 [ 233.325209][ T12] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.331104][ T12] [ 233.333421][ T12] Freed by task 9935: [ 233.337386][ T12] save_stack+0x23/0x90 [ 233.341526][ T12] __kasan_slab_free+0x102/0x150 [ 233.346447][ T12] kasan_slab_free+0xe/0x10 [ 233.350935][ T12] kfree+0x10a/0x2c0 [ 233.354824][ T12] io_wq_destroy+0x2ce/0x3c0 [ 233.359402][ T12] io_finish_async+0x128/0x1b0 [ 233.364207][ T12] io_ring_ctx_wait_and_kill+0x330/0x9a0 [ 233.369817][ T12] io_uring_release+0x42/0x50 [ 233.374471][ T12] __fput+0x2ff/0x890 [ 233.378431][ T12] ____fput+0x16/0x20 [ 233.382391][ T12] task_work_run+0x145/0x1c0 [ 233.386961][ T12] exit_to_usermode_loop+0x316/0x380 [ 233.392224][ T12] do_syscall_64+0x676/0x790 [ 233.396794][ T12] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.402707][ T12] [ 233.405016][ T12] The buggy address belongs to the object at ffff8880a8453d00 [ 233.405016][ T12] which belongs to the cache kmalloc-192 of size 192 [ 233.419066][ T12] The buggy address is located 0 bytes inside of [ 233.419066][ T12] 192-byte region [ffff8880a8453d00, ffff8880a8453dc0) [ 233.432165][ T12] The buggy address belongs to the page: [ 233.437779][ T12] page:ffffea0002a114c0 refcount:1 mapcount:0 mapping:ffff8880aa400000 index:0x0 [ 233.446878][ T12] raw: 00fffe0000000200 ffffea0002644808 ffffea0002482f08 ffff8880aa400000 [ 233.455457][ T12] raw: 0000000000000000 ffff8880a8453000 0000000100000010 0000000000000000 [ 233.464027][ T12] page dumped because: kasan: bad access detected [ 233.470418][ T12] [ 233.472744][ T12] Memory state around the buggy address: [ 233.478364][ T12] ffff8880a8453c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 233.486607][ T12] ffff8880a8453c80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 233.494650][ T12] >ffff8880a8453d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 233.502689][ T12] ^ 01:12:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_int(r0, 0x1, 0x10, 0x0, &(0x7f0000000100)) 01:12:58 executing program 0: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) open_by_handle_at(r1, &(0x7f0000000040)={0x9, 0x2, '\v'}, 0x0) 01:12:58 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:58 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 01:12:58 executing program 4: syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x2, 0x2) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) [ 233.506737][ T12] ffff8880a8453d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 233.514778][ T12] ffff8880a8453e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 233.522813][ T12] ================================================================== [ 233.530850][ T12] Disabling lock debugging due to kernel taint [ 233.537188][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 233.543782][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.5.0-rc2-next-20191220-syzkaller #0 [ 233.554527][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.564598][ T12] Workqueue: events io_ring_file_ref_switch [ 233.570490][ T12] Call Trace: [ 233.573788][ T12] dump_stack+0x197/0x210 [ 233.578124][ T12] panic+0x2e3/0x75c [ 233.578917][ T4108] kobject: 'loop1' (00000000753f0892): kobject_uevent_env [ 233.582973][ T12] ? add_taint.cold+0x16/0x16 [ 233.582989][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.583003][ T12] ? preempt_schedule+0x4b/0x60 01:12:58 executing program 5: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) [ 233.583020][ T12] ? ___preempt_schedule+0x16/0x18 [ 233.583035][ T12] ? trace_hardirqs_on+0x5e/0x240 [ 233.583050][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.583063][ T12] end_report+0x47/0x4f [ 233.583081][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.620005][ T9959] kobject: 'loop0' (0000000055ec0c28): kobject_uevent_env [ 233.623061][ T12] __kasan_report.cold+0xe/0x41 [ 233.623084][ T12] ? io_wq_flush+0x1f7/0x210 [ 233.644307][ T12] kasan_report+0x12/0x20 [ 233.645024][ T9959] kobject: 'loop0' (0000000055ec0c28): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 233.648657][ T12] __asan_report_load8_noabort+0x14/0x20 [ 233.648671][ T12] io_wq_flush+0x1f7/0x210 [ 233.648691][ T12] ? io_wq_cancel_work+0x600/0x600 [ 233.661933][ T4108] kobject: 'loop1' (00000000753f0892): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 233.664450][ T12] ? unix_notinflight+0x131/0x2e0 [ 233.664470][ T12] ? io_work_cancel+0x1a0/0x1a0 [ 233.693949][ T12] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 233.700112][ T12] ? io_ring_file_ref_switch+0x68a/0xac0 01:12:58 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, &(0x7f0000000080)=0xfffffef2) 01:12:58 executing program 1: creat(&(0x7f0000000700)='./file0\x00', 0x0) r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000000)) [ 233.705750][ T12] io_destruct_skb+0x8e/0xc0 [ 233.710350][ T12] ? io_openat_prep+0x3c0/0x3c0 [ 233.715204][ T12] skb_release_head_state+0xeb/0x260 [ 233.720490][ T12] skb_release_all+0x16/0x60 [ 233.725080][ T12] kfree_skb+0x101/0x420 [ 233.729334][ T12] io_ring_file_ref_switch+0x68a/0xac0 [ 233.734801][ T12] ? io_get_work+0xb0/0xb0 [ 233.739229][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 233.744779][ T12] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 233.750761][ T12] ? trace_hardirqs_on+0x67/0x240 [ 233.755791][ T12] process_one_work+0x9af/0x1740 [ 233.760739][ T12] ? pwq_dec_nr_in_flight+0x320/0x320 [ 233.766112][ T12] ? lock_acquire+0x190/0x410 [ 233.770802][ T12] worker_thread+0x98/0xe40 [ 233.775315][ T12] ? trace_hardirqs_on+0x67/0x240 [ 233.777417][ T4108] kobject: 'loop5' (0000000053f3ab39): kobject_uevent_env [ 233.780344][ T12] kthread+0x361/0x430 [ 233.780358][ T12] ? process_one_work+0x1740/0x1740 [ 233.780370][ T12] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 233.780383][ T12] ret_from_fork+0x24/0x30 [ 233.781939][ T12] Kernel Offset: disabled [ 233.812647][ T12] Rebooting in 86400 seconds..