[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 [ 68.772049][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 68.772064][ T26] audit: type=1400 audit(1572095071.570:41): avc: denied { map } for pid=9499 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts. 2019/10/26 13:04:38 fuzzer started syzkaller login: [ 75.304502][ T26] audit: type=1400 audit(1572095078.100:42): avc: denied { map } for pid=9508 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/10/26 13:04:39 dialing manager at 10.128.0.26:43357 2019/10/26 13:04:39 syscalls: 2557 2019/10/26 13:04:39 code coverage: enabled 2019/10/26 13:04:39 comparison tracing: enabled 2019/10/26 13:04:39 extra coverage: extra coverage is not supported by the kernel 2019/10/26 13:04:39 setuid sandbox: enabled 2019/10/26 13:04:39 namespace sandbox: enabled 2019/10/26 13:04:39 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/26 13:04:39 fault injection: enabled 2019/10/26 13:04:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/26 13:04:39 net packet injection: enabled 2019/10/26 13:04:39 net device setup: enabled 2019/10/26 13:04:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 13:07:02 executing program 0: rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000100)) ptrace(0x10, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000005c0), 0x0, &(0x7f0000000200)={0x0, 0x1c9c380}, 0x8) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)={0x0, 0x8}) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xfffffffffffffffe) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) [ 220.140498][ T26] audit: type=1400 audit(1572095222.940:43): avc: denied { map } for pid=9524 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=16565 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 13:07:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xb}}}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x0, @remote}], 0x10) [ 220.419381][ T9525] IPVS: ftp: loaded support on port[0] = 21 [ 220.560079][ T9528] IPVS: ftp: loaded support on port[0] = 21 [ 220.591542][ T9525] chnl_net:caif_netlink_parms(): no params data found 13:07:03 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x380000, @loopback}, 0x1c) [ 220.659889][ T9525] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.670446][ T9525] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.679360][ T9525] device bridge_slave_0 entered promiscuous mode [ 220.710938][ T9525] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.719388][ T9525] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.729504][ T9525] device bridge_slave_1 entered promiscuous mode [ 220.862002][ T9525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.891180][ T9525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.906077][ T9528] chnl_net:caif_netlink_parms(): no params data found [ 220.941136][ T9525] team0: Port device team_slave_0 added [ 220.965743][ T9531] IPVS: ftp: loaded support on port[0] = 21 [ 220.967272][ T9525] team0: Port device team_slave_1 added 13:07:03 executing program 3: pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) pipe(&(0x7f00000000c0)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffff8}, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kexec_load(0x0, 0x0, &(0x7f0000000080), 0x0) open(0x0, 0x141042, 0x0) getpid() r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000540)={'team0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0xfffffffffffffde1) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x729d0213259a469e, 0x0, 0x1000000, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x81}]}}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_IRQCHIP(r4, 0xc008ae67, &(0x7f0000000380)={0x1, 0x80ffff, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x0, 0x0, 0x0, [], 0xff}, {0x0, 0x1f}, {}, {}, {}, {0x0, 0x80, 0x0, [], 0x4}, {0x1}, {}, {}, {0x0, 0x0, 0x3}, {0x4, 0x0, 0x7}, {0x0, 0xf7, 0x0, [], 0x2}, {}, {0x0, 0x0, 0x0, [], 0x80}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x10}]}}) [ 221.039048][ T9528] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.048424][ T9528] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.056878][ T9528] device bridge_slave_0 entered promiscuous mode [ 221.130041][ T9525] device hsr_slave_0 entered promiscuous mode [ 221.187372][ T9525] device hsr_slave_1 entered promiscuous mode [ 221.241890][ T9528] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.252018][ T9528] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.260783][ T9528] device bridge_slave_1 entered promiscuous mode 13:07:04 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000d00)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fcntl$notify(r1, 0x402, 0x80000001) fcntl$notify(r0, 0x402, 0x52) [ 221.329131][ T9533] IPVS: ftp: loaded support on port[0] = 21 [ 221.352424][ T9528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.380885][ T9528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.464867][ T9525] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.472291][ T9525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.480275][ T9525] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.487409][ T9525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.627131][ T3015] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.649105][ T3015] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.773425][ T9528] team0: Port device team_slave_0 added [ 221.821108][ T9528] team0: Port device team_slave_1 added [ 221.861290][ T9531] chnl_net:caif_netlink_parms(): no params data found [ 221.929130][ T9525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.965606][ T9561] IPVS: ftp: loaded support on port[0] = 21 [ 222.063709][ T9525] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.129408][ T9528] device hsr_slave_0 entered promiscuous mode [ 222.146416][ T9528] device hsr_slave_1 entered promiscuous mode [ 222.196135][ T9528] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.204600][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.217431][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:07:05 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = eventfd2(0x0, 0x0) r4 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f00000005c0), 0x80000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r5, &(0x7f0000002f80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000440)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000003040)=[@hopopts={{0x18}}, @hopopts={{0x18}}], 0x30}}], 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) setpgid(0x0, r6) ftruncate(r4, 0x280080) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x2c280, 0x0) ioctl$VT_GETMODE(r7, 0x5601, 0x0) sendfile(r3, r4, 0x0, 0x2008004fffffffe) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:kvm_device_t:s0\x00', 0x22) [ 222.350266][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.378177][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.406525][ T9557] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.413630][ T9557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.450496][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.496812][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.505567][ T9557] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.512742][ T9557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.654918][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.696907][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.860222][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.877239][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.936817][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.967594][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.006858][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.044675][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.087236][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.108260][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.146975][ T9531] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.154176][ T9531] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.187116][ T9531] device bridge_slave_0 entered promiscuous mode [ 223.226996][ T9531] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.234083][ T9531] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.280558][ T9531] device bridge_slave_1 entered promiscuous mode [ 223.299895][ T9533] chnl_net:caif_netlink_parms(): no params data found [ 223.337015][ T9525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.352839][ T9572] IPVS: ftp: loaded support on port[0] = 21 [ 223.356598][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.390937][ T9531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.492053][ T9531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.581432][ T9531] team0: Port device team_slave_0 added [ 223.607895][ T9531] team0: Port device team_slave_1 added [ 223.727706][ T9525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.859233][ T9531] device hsr_slave_0 entered promiscuous mode [ 223.876655][ T9531] device hsr_slave_1 entered promiscuous mode [ 223.916293][ T9531] debugfs: Directory 'hsr0' with parent '/' already present! [ 223.934572][ T9533] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.942170][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.954344][ T9533] device bridge_slave_0 entered promiscuous mode [ 223.994283][ T9533] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.003349][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.018152][ T9533] device bridge_slave_1 entered promiscuous mode [ 224.062419][ T9561] chnl_net:caif_netlink_parms(): no params data found [ 224.131322][ T26] audit: type=1400 audit(1572095226.920:44): avc: denied { associate } for pid=9525 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 224.193592][ T9528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.228103][ T9533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.251263][ T9533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.380584][ T9533] team0: Port device team_slave_0 added [ 224.458047][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.496207][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:07:07 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x303, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x804, 0x1) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x6, &(0x7f0000000180)="8601c4014e99"}) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x80c) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x800002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x6f20f56d24, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 224.506541][ T9528] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.560951][ T9533] team0: Port device team_slave_1 added [ 224.612503][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.626689][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.635191][ T9548] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.642427][ T9548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.714670][ T9561] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.728857][ C0] hrtimer: interrupt took 28513 ns [ 224.732973][ T9561] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.775663][ T9561] device bridge_slave_0 entered promiscuous mode [ 224.891170][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.912089][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.976162][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.984823][ T9631] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 225.020552][ T3015] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.021429][ T9631] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 225.027735][ T3015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.089731][ T9631] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 225.131044][ T9561] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.142873][ T9561] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.162714][ T9561] device bridge_slave_1 entered promiscuous mode [ 225.170302][ T9631] EXT4-fs (loop0): mounting with "discard" option, but the device does not support discard [ 225.226289][ T9631] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 225.346646][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.366686][ T9561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 13:07:08 executing program 0: openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335", 0x1fd) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000100)='./file0\x00', 0x140, 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x0, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r3, r4, &(0x7f0000000240)=0x202, 0x4000000000dc) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) open(0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) [ 225.479938][ T9533] device hsr_slave_0 entered promiscuous mode [ 225.527621][ T9533] device hsr_slave_1 entered promiscuous mode [ 225.556192][ T9533] debugfs: Directory 'hsr0' with parent '/' already present! [ 225.585678][ T9561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.612216][ T26] audit: type=1800 audit(1572095228.410:45): pid=9654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16520 res=0 [ 225.636473][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.659323][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.679248][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.681965][ T26] audit: type=1804 audit(1572095228.440:46): pid=9654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir799147118/syzkaller.jbEi3h/2/file0" dev="sda1" ino=16520 res=1 [ 225.700355][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.731527][ T26] audit: type=1804 audit(1572095228.450:47): pid=9654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir799147118/syzkaller.jbEi3h/2/file0" dev="sda1" ino=16520 res=1 [ 225.735735][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.781137][ T9572] chnl_net:caif_netlink_parms(): no params data found [ 225.793032][ T26] audit: type=1400 audit(1572095228.460:48): avc: denied { create } for pid=9653 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 225.810909][ T9528] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 225.824426][ T26] audit: type=1400 audit(1572095228.470:49): avc: denied { write } for pid=9653 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 225.832293][ T9528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.854288][ T26] audit: type=1400 audit(1572095228.530:50): avc: denied { read } for pid=9653 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 225.916342][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.924306][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.938993][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.951040][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.960245][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 226.024332][ T9528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.041413][ T9561] team0: Port device team_slave_0 added [ 226.059644][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 13:07:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000003031900030007000000068100023b0509000100010100ff1ffe58", 0x1f}], 0x1) [ 226.127286][ T9561] team0: Port device team_slave_1 added [ 226.205377][ T9572] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.225571][ T9572] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.234376][ T26] audit: type=1400 audit(1572095229.030:51): avc: denied { create } for pid=9681 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 13:07:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000003031900030007000000068100023b0509000100010100ff1ffe58", 0x1f}], 0x1) [ 226.282897][ T9572] device bridge_slave_0 entered promiscuous mode [ 226.359600][ T9572] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.398823][ T26] audit: type=1400 audit(1572095229.030:52): avc: denied { write } for pid=9681 comm="syz-executor.0" path="socket:[30883]" dev="sockfs" ino=30883 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 226.412698][ T9572] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.489514][ T9572] device bridge_slave_1 entered promiscuous mode 13:07:09 executing program 0: sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$evdev(&(0x7f0000000340)='#\x00', 0x0, 0x0) read(r2, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xffffdffffffffffc) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x2) r4 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7) r5 = dup(0xffffffffffffffff) write$cgroup_int(r5, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x40, @dev}, 0x1c) r6 = socket(0x1000000010, 0x400000400080803, 0x0) write(r6, &(0x7f0000000240)="240000001a0025f07e9451f68f2e9c920a0b49ffed000019806028000800100001000000", 0x24) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000480)='\x01S\xb8\x00\x00', 0x152) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)) [ 226.600270][ T9561] device hsr_slave_0 entered promiscuous mode [ 226.656503][ T9561] device hsr_slave_1 entered promiscuous mode [ 226.667105][ T9561] debugfs: Directory 'hsr0' with parent '/' already present! [ 226.690578][ T9531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.749667][ T9572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.810362][ T9572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.868504][ T9531] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.883140][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.916672][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.026453][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.035090][ T9645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 13:07:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="fe5bcc15add63afde2b786576521c17489e9e86ab36b92e56ab041dff7bbd6f40fce8dfb71fc53766789a72a7cbe4f2c30beb17888d1c728e6414b9eac4634e53b0f06360d4033d904000000149b61a9588b3d8f524cf580fbb82f5f6e8600ddb4a3d437fcc989bcf1ec74c5c01cc44ff494e780e2722000", 0x78}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x5}, {&(0x7f000000b500)=""/153, 0x7fffeffb}], 0x2}, 0x0) [ 227.092548][ T9645] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.099712][ T9645] bridge0: port 1(bridge_slave_0) entered forwarding state 13:07:10 executing program 0: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'sit0\x00', 0x1}, 0x18) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000300), 0x4) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) ioctl(r0, 0x8916, &(0x7f0000000000)) ioctl(r0, 0x80000000008936, &(0x7f0000000000)) [ 227.225867][ T9533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.376233][ T9533] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.390076][ T9572] team0: Port device team_slave_0 added [ 227.400378][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:07:10 executing program 1: openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000002bc0)='./file0\x00', 0x40c2, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x140, 0x0) fcntl$setlease(r1, 0x400, 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') preadv(r3, &(0x7f0000000480), 0x10000000000001e2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x0, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x0, 0x0, 0x1, 0x3}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r4, r5, &(0x7f0000000240)=0x202, 0x4000000000dc) r6 = syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ee9e47f5", @ANYRES16=r6, @ANYBLOB="050c27bd7000ffdbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8040) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') preadv(r7, &(0x7f0000000700)=[{&(0x7f0000000740)=""/203, 0xcb}, {&(0x7f00000003c0)=""/243, 0xf3}, {&(0x7f00000004c0)=""/125, 0x7d}, {&(0x7f0000000540)=""/126, 0x7e}, {&(0x7f00000005c0)=""/25, 0x19}, {&(0x7f00000006c0)=""/1, 0x1}], 0x6, 0x4) r8 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') preadv(r8, &(0x7f0000000480), 0x10000000000001e2, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') preadv(r9, &(0x7f0000000480), 0x10000000000001e2, 0x0) [ 227.422547][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.468497][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.532508][ T2918] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.539819][ T2918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.639227][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.657563][ T26] audit: type=1800 audit(1572095230.460:53): pid=9740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16526 res=0 [ 227.685226][ T9740] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 227.695490][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.784110][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.795680][ T26] audit: type=1804 audit(1572095230.480:54): pid=9740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir245883344/syzkaller.69WVIq/2/file0/file0" dev="sda1" ino=16526 res=1 [ 227.856688][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 227.971347][ T9572] team0: Port device team_slave_1 added [ 228.014295][ T9531] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 228.106006][ T9531] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.473633][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.504435][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.548415][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.590362][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.630704][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.666751][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.695715][ T9651] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.702994][ T9651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.740010][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.759055][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.776659][ T9651] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.784225][ T9651] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.810864][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 228.837344][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 228.864033][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 228.890028][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.026173][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.034135][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.075064][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.097239][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.116810][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.125689][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.168426][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.187241][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.205643][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.216060][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.237501][ T9531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.244639][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.262617][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.329350][ T9572] device hsr_slave_0 entered promiscuous mode [ 229.376851][ T9572] device hsr_slave_1 entered promiscuous mode [ 229.466178][ T9572] debugfs: Directory 'hsr0' with parent '/' already present! [ 229.504223][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.520043][ T9557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.539661][ T9533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.639038][ T9561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.698784][ T9533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.770367][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.784191][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.828250][ T9561] 8021q: adding VLAN 0 to HW filter on device team0 13:07:12 executing program 2: [ 229.901857][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.928137][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.983851][ T9548] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.991027][ T9548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.040678][ T9572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.096526][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.136913][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.145792][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.207009][ T3015] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.214135][ T3015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.236641][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.257034][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.265875][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.307054][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.326846][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.367737][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.395744][ T9572] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.443671][ T9561] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 230.526500][ T9561] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 230.579427][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 230.599267][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.652721][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 230.707080][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.721873][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.773389][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.797134][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.864522][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 230.913398][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.972774][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.023430][ T9548] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.030860][ T9548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.103128][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.113733][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.138685][ T9548] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.145866][ T9548] bridge0: port 2(bridge_slave_1) entered forwarding state 13:07:13 executing program 3: [ 231.173924][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.219064][ T9548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.249104][ T9561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.304609][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.342044][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.363934][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.373330][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.382137][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.393617][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 231.401608][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 231.416992][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 231.450376][ T9572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 231.469618][ T9572] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 231.478224][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 231.491483][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 13:07:14 executing program 0: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'sit0\x00', 0x1}, 0x18) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000300), 0x4) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) ioctl(r0, 0x8916, &(0x7f0000000000)) ioctl(r0, 0x80000000008936, &(0x7f0000000000)) [ 231.543664][ T26] audit: type=1400 audit(1572095234.340:55): avc: denied { watch watch_reads } for pid=9828 comm="syz-executor.4" path="/" dev="sda1" ino=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir permissive=1 [ 231.551772][ T9572] 8021q: adding VLAN 0 to HW filter on device batadv0 13:07:15 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:15 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d6000/0x1000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000340)='environ\x00[\xaaZ\xaf\xc0\x8c\xaa\xaf\xc1DP\xf0_\'\xaf\xeb\x19s\xf3\xafp\xcam\x14\x9cd\x8d\xefh\xbb\xca\xfc\xdeF4\xbbc\x93\xae\xbf\xe6\x7fJL]\xb7\xc0#;,F\xc2\xc8\x93<\x0f7\xe4\x01\xc0\x82\x02\xcdT\x02l\x80\xff\xf8\xd8YQL\x06\xdexu!\xb32$\x04&e\\^\xe0nZ') preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0) 13:07:15 executing program 1: 13:07:15 executing program 2: 13:07:15 executing program 4: 13:07:15 executing program 3: 13:07:15 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000100)={0x7c, 0x0, [0x175]}) 13:07:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000100)={0x7c, 0x0, [0x175]}) 13:07:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000100)={0x7c, 0x0, [0x175]}) 13:07:15 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:15 executing program 5: clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @ipv4}}, 0x0, 0x1, 0x0, "111d6c1ba6050dd77cf3f2f09d1cb02a25988f1ea9c5be7d9801641c99b0def45ac625ada3316175a9d341111c181811e12c196e1ab99946e5e47e0594e415670d1330cd611c3974c55bb4d50000e111"}, 0xd8) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0xffffffff, @local, 0x4}, 0x1c) 13:07:15 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:15 executing program 2: dup2(0xffffffffffffffff, 0xffffffffffffffff) clone(0x2100001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x0, 0x0, @ipv4}}, 0x0, 0x1, 0x0, "111d6c1ba6050dd77cf3f2f09d1cb02a25988f1ea9c5be7d9801641c99b0def45ac625ada3316175a9d341111c181811e12c196e1ab99946e5e47e0594e415670d1330cd611c3974c55bb4d50000e111"}, 0xd8) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) 13:07:16 executing program 0: pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/135, 0x87}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000001e2, 0x0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) dup2(r1, 0xffffffffffffffff) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "46a5e52a89ab0fdd", "0dfcc82b35d7a46346b25a65a50c9ca3eb9c7db31becbfe7d95016400d9c03a0", "3b019bf8", "67729c52c1dd196a"}, 0x38) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) 13:07:16 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x81a0ae8c, &(0x7f00000001c0)) [ 233.491152][ T9894] FAT-fs (loop1): bogus logical sector size 537 [ 233.536650][ T9894] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:16 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x4010aefd, &(0x7f00000001c0)) 13:07:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x81a0ae8c, &(0x7f00000001c0)) [ 233.812639][ T9915] FAT-fs (loop1): bogus logical sector size 537 [ 233.861817][ T9915] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:16 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) 13:07:16 executing program 2: r0 = socket(0x1f, 0x5, 0x2) setsockopt$sock_int(r0, 0xffff, 0x1004, &(0x7f0000000600)=0x40, 0x4) 13:07:16 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:16 executing program 3: splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000100)={r1}) 13:07:16 executing program 0: r0 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) ioctl$TUNSETLINK(r1, 0x400454cd, 0x336) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') 13:07:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:17 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r0, &(0x7f0000000600)=ANY=[@ANYBLOB='Q'], 0x1) 13:07:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'bcsh0\x00', 0x200}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x1b, &(0x7f0000000040)=r1, 0x52d) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) close(r1) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r4 = gettid() r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x80, 0x5, 0xe3, 0x7f, 0x0, 0xb88b, 0x20000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000040), 0x8}, 0x2000, 0x0, 0x100, 0x7, 0x3ff, 0x23e0000, 0xb6}, r4, 0xa, r5, 0x2) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x1f, 0x0, 0x11, 0x70, 0x0, 0x4, 0x48, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0x10000}, 0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffff, 0x3}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) write$cgroup_int(r3, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40086602, 0x400007) openat$cgroup_ro(r6, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000000000)='syz0\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0xfffff7fffffffffc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={&(0x7f0000000040)=@un=@abs, 0x80, 0x0}, 0x0) [ 234.346339][ T9953] device nr0 entered promiscuous mode [ 234.403713][ T9956] FAT-fs (loop1): bogus logical sector size 537 13:07:17 executing program 5: syz_emit_ethernet(0x42, &(0x7f00000003c0)={@local, @random="318100000001", [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1, {[@rr={0x7, 0xb, 0x906, [@multicast2, @dev]}]}}, @tcp={{0x0, 0x0, 0x41424344, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) 13:07:17 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:17 executing program 2: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 234.445478][ T9956] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffff02, 0x0, 0x0, 0xfffffffffffffd37) getpgrp(0x0) setresuid(0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) 13:07:17 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 234.855389][ T9981] FAT-fs (loop1): bogus logical sector size 537 13:07:17 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 234.900554][ T9981] FAT-fs (loop1): Can't find a valid FAT filesystem [ 235.111572][ T9993] device nr0 entered promiscuous mode 13:07:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0xfffffda9, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x8000000000000003, @loopback}, 0x10) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=""/192, 0xc0}], 0x1}, 0x0) r1 = gettid() tkill(r1, 0x14) write$selinux_context(r0, &(0x7f0000000040)='system_u:object_r:inetd_child_exec_t:s0\x00', 0x28) 13:07:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000300)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='veth0_to_bond\x00', 0x10) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getpgrp(0x0) setresuid(0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) 13:07:18 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:18 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'bcsh0\x00', 0x200}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x1b, &(0x7f0000000040)=r1, 0x52d) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) close(r1) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r4 = gettid() r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x80, 0x5, 0xe3, 0x7f, 0x0, 0xb88b, 0x20000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000040), 0x8}, 0x2000, 0x0, 0x100, 0x7, 0x3ff, 0x23e0000, 0xb6}, r4, 0xa, r5, 0x2) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x1f, 0x0, 0x11, 0x70, 0x0, 0x4, 0x48, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0x10000}, 0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffff, 0x3}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) write$cgroup_int(r3, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40086602, 0x400007) openat$cgroup_ro(r6, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000000000)='syz0\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0xfffff7fffffffffc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={&(0x7f0000000040)=@un=@abs, 0x80, 0x0}, 0x0) 13:07:18 executing program 4: ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) [ 235.496749][T10004] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 13:07:18 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:18 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'bridge0\x00'}, 0x3d8) ioctl(r0, 0x800000000008982, &(0x7f0000000080)) 13:07:18 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0x10) sendto$inet(r0, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) 13:07:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0xfffffffffffffc6d, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) getsockopt$inet_buf(r1, 0x0, 0x50, &(0x7f0000001440)=""/4096, &(0x7f0000000600)=0x1000) 13:07:18 executing program 4: ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) 13:07:18 executing program 1: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'bcsh0\x00', 0x200}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x1b, &(0x7f0000000040)=r1, 0x52d) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) close(r1) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r4 = gettid() r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x80, 0x5, 0xe3, 0x7f, 0x0, 0xb88b, 0x20000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000040), 0x8}, 0x2000, 0x0, 0x100, 0x7, 0x3ff, 0x23e0000, 0xb6}, r4, 0xa, r5, 0x2) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x1f, 0x0, 0x11, 0x70, 0x0, 0x4, 0x48, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0x10000}, 0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffff, 0x3}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) write$cgroup_int(r3, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40086602, 0x400007) openat$cgroup_ro(r6, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000000000)='syz0\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0xfffff7fffffffffc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={&(0x7f0000000040)=@un=@abs, 0x80, 0x0}, 0x0) 13:07:18 executing program 4: ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) 13:07:18 executing program 0: semget(0x0, 0x0, 0x62c) 13:07:18 executing program 2: getrandom(&(0x7f0000000000)=""/246, 0xf6, 0x2) 13:07:19 executing program 4: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:19 executing program 2: open$dir(0x0, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) mmap$perf(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getpriority(0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 13:07:19 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x5) 13:07:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:19 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) listen(0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_route(0x10, 0x3, 0x0) splice(r5, 0x0, r7, 0x0, 0x1420000a77, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="390000001300090468fe0704000000000000ff3f03000000450001070000001419001a0015000a000700080002", 0x2d}], 0x1) write$binfmt_elf64(r6, &(0x7f0000000000)=ANY=[], 0xfffffd88) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, r1+30000000}}, 0x0) tkill(r0, 0x1000000000016) 13:07:19 executing program 4: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:19 executing program 2: sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x106, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001c008104e00f80ecdb4cb9f207c804a01c000000d00306000a0002000a0a247adf7097bfa510da1e4cb6", 0xff40}], 0x1, 0x0, 0x0, 0xa}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x19, 0x0) 13:07:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:19 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'bcsh0\x00', 0x200}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x1b, &(0x7f0000000040)=r1, 0x52d) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) close(r1) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r4 = gettid() r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x80, 0x5, 0xe3, 0x7f, 0x0, 0xb88b, 0x20000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000040), 0x8}, 0x2000, 0x0, 0x100, 0x7, 0x3ff, 0x23e0000, 0xb6}, r4, 0xa, r5, 0x2) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x1f, 0x0, 0x11, 0x70, 0x0, 0x4, 0x48, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x8, 0x10000}, 0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffff, 0x3}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) write$cgroup_int(r3, 0x0, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40086602, 0x400007) openat$cgroup_ro(r6, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) mkdirat$cgroup(r3, &(0x7f0000000000)='syz0\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(0x0, 0xfffff7fffffffffc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={&(0x7f0000000040)=@un=@abs, 0x80, 0x0}, 0x0) 13:07:19 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000400bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b700000000000600950000000000000080824c980de7d5d5ce61c9c28e0831"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendto(r1, &(0x7f0000000540)="2d10b36c8d2f0adc2ba574556061850fe87fa543a72a0ea7ff466cbda6e554879242c7329d5343d37d15931573f0d5f4689103e863a726cb2484982cd17b43e0024c5b7b202042bba8f87c06c4ecec0de02171cf01b7b5db3ab20958ea2e04ddbf72de29de8e96a19ef4bb83729ed177a4c4e1baf4b4539a3cca86717ebc754cd6c60ae869c33010921f94a373b0c5c06709d45e37d81ccf697a446abe55cc5feb94ff9f043bce43db75e0bf727db31264f4f32f846da0bd44799bde8426f5228efac12231a1fb9befb95e517f5a6070d96a2430a2fb4de883", 0xd9, 0x8000, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup(r2, &(0x7f0000000740)='syz1\x00', 0x200002, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000c80)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="6fe000000000000000000d000000"], 0x14}}, 0x0) r6 = socket(0x840000000002, 0x3, 0x6) connect$netlink(r6, &(0x7f0000000000)=@unspec, 0xc) ioctl$SIOCX25GCAUSEDIAG(r6, 0x89e6, &(0x7f0000000b00)={0x8, 0x8}) getsockname(r4, &(0x7f0000000840)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000008c0)=0x80) ioctl$sock_x25_SIOCADDRT(r7, 0x890b, &(0x7f0000000900)={@remote={[], 0x3}, 0x4, 'sit0\x00'}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r3, 0x0, 0x41, 0xe5, &(0x7f0000000a00)="ba9c5ec8621450f3c113b31c50b48df04dfa8bc13859d5ea6c50f6c5eecc0ee8e76ac858a1748c55a60be9a45ecb37cb3a4f51b2c627ead3ced8f769551ff2832f", &(0x7f0000000440)=""/229, 0xfffffff3, 0x0, 0x1, 0x4a, &(0x7f0000000180)="fe", &(0x7f00000001c0)="162994868fc2edcc40f4a47bfa555a362bb4553f75738752b6ce47b48d21ca10b9456bcd3fd18a3508e072ca5e821742c00af7b0ddfe93f119e116995bb3bb29f8b1e68aa8d05d42603a"}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={0xffffffffffffffff, r0, 0x11}, 0x70) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r8, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r9 = accept(r8, &(0x7f0000000640)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000380)=0x80) getsockopt$XDP_STATISTICS(r9, 0x11b, 0x7, &(0x7f0000000a80), &(0x7f0000000ac0)=0x18) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000780)={0x0, 0x0}, &(0x7f00000007c0)=0xc) ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000800)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, r10}) ioctl$SIOCAX25DELUID(r9, 0x89e2, &(0x7f00000006c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r10}) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff, 0x11}, 0x10) r11 = socket$caif_stream(0x25, 0x1, 0x5) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)={0xc8, r13, 0xf7e8f6cb5dcde06f, 0x0, 0x0, {0xd}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xff}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3d}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}]}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nr0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}]}, 0xc8}}, 0x0) tee(r11, r12, 0x0, 0x4) 13:07:19 executing program 2: clone(0x2000922100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() getrandom(&(0x7f0000000200)=""/147, 0x93, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace(0x10, r0) 13:07:19 executing program 4: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 236.810563][ T26] audit: type=1400 audit(1572095239.610:56): avc: denied { prog_load } for pid=10092 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 13:07:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 236.979667][ T26] audit: type=1400 audit(1572095239.610:57): avc: denied { prog_run } for pid=10092 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 237.051912][ T26] audit: type=1400 audit(1572095239.710:58): avc: denied { getattr } for pid=10092 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 13:07:19 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 237.093116][T10114] netlink: 'syz-executor.5': attribute type 8 has an invalid length. [ 237.110847][T10114] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.5'. [ 237.124122][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.138896][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.152868][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.166792][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.184404][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 13:07:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:20 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 237.306644][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.324701][T10129] FAT-fs (loop1): bogus number of reserved sectors [ 237.362543][T10129] FAT-fs (loop1): Can't find a valid FAT filesystem [ 237.372028][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.493034][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.521777][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 [ 237.552476][T10114] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10114 comm=syz-executor.5 13:07:20 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) listen(0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_route(0x10, 0x3, 0x0) splice(r5, 0x0, r7, 0x0, 0x1420000a77, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="390000001300090468fe0704000000000000ff3f03000000450001070000001419001a0015000a000700080002", 0x2d}], 0x1) write$binfmt_elf64(r6, &(0x7f0000000000)=ANY=[], 0xfffffd88) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, r1+30000000}}, 0x0) tkill(r0, 0x1000000000016) 13:07:20 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) 13:07:20 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d00"/137], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 13:07:20 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 238.069410][T10148] FAT-fs (loop1): bogus number of reserved sectors [ 238.102123][T10148] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:20 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:20 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) [ 238.185563][T10157] netlink: 'syz-executor.5': attribute type 8 has an invalid length. 13:07:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 238.240344][T10157] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.5'. 13:07:21 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:21 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 238.452813][T10174] FAT-fs (loop1): bogus number of reserved sectors [ 238.507466][T10174] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:22 executing program 5: getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x1, &(0x7f0000000800)=ANY=[@ANYPTR=&(0x7f0000000900)=ANY=[@ANYPTR=&(0x7f0000000b00)=ANY=[@ANYPTR=&(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f0000000280)=ANY=[@ANYRESHEX=0x0]]]]], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500090000000000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 13:07:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) 13:07:22 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) mq_getsetattr(r0, 0x0, 0x0) 13:07:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x0, 0x0, 0x0, 0x0) 13:07:22 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:22 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:22 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 239.270426][T10197] FAT-fs (loop1): bogus number of reserved sectors [ 239.298775][T10197] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:22 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) 13:07:22 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d00"/137], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 13:07:22 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000040)=0x2, 0x4) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x10, 0x0, 0x8020001) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0x2, 0x4) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100808}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3d0c34130488980affdaa7c8f3f5", @ANYRES16=r1, @ANYBLOB="000227bd7000ffdbdf2503000000"], 0x14}}, 0x24004085) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, 0x0, 0x0) creat(0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) write$binfmt_elf64(r3, 0x0, 0x0) connect(r3, &(0x7f00000001c0)=@nl=@unspec, 0x80) r4 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) write$binfmt_elf64(r4, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000800)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00') r5 = syz_open_procfs(0x0, &(0x7f0000000640)='\x00\a\x00\x00\x81z\x00\x00\x00G\xe3U:Q<\x16%\x98\xff\xf2\xda\xeb\x88i\x16\x02\xb5\x83\x19\xf3w\x18\xc7\x96\x05\x00y\x93\xd3W\xc4-\x86\xcf\xa5\xed\xc8RF\xf2.Ihm\xe2\x86\xd2\xf1\xd6\xb6\xff<\xa4}\xcb\x99\x9fq\x1dF\xe0\x05Y\xfex\x0f\x17\xf7s\xd51\xdf\xeb\x87tT&|i\xc9\xa8\x95\\\xf2\xb5\ay\xc8\xc8R\x92\xf1#\x9bsm\xf6F\x83\xd7\x13L\x94\xf8}\xc7m>\xe4]\xde\xfa=d\xc5\xf7\x115\xd7\xf3\xbc\x0f\xe3V\x9d\xf8\x8b|1\r\xd4X\xae\\\xd5\x9a4J\n\xac\xd1\x9f\a\xa0\xf6\xb0v\v\xde\x04\x00\x00\x00\x1f\xe0\f,\x9e\x13\xdf\xf4\xc3)mzB\xe0Y\xc3n|M\xc5\xf7\xd0\x94\xfb\x19\x9b\xefS\xf8zi0\xb5v\xde\xed\xccl\xe9\x0e-\xef\x9dN&%\x80A\xacn\x8c~7\x18\x94\x94\xd9\x8f\xd1\xe13\xd9\xa6\xb3\xa7\xf3\xcf\xb3,\x9b\xd8x\x94\xb7\x8f\xcf?\xda\v\xe7\xd2!\x8c\xa8\xe3F\x81\xee\x1c\x1c\xa7\xbcnU!R\xbc\x9fJ\xc1Z\xeeu\'\x7f\xc1\x1c\xcb\x04\xf34F[\xf7\xc8VK\xad\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe6\xb9\x03v\x8d+\xc7\x90U\xd8\x9aP \x92\xf6/\xe1\xcd\x02 \x0f\xffx5\x92\xb2&\x8e\xf6\xd5\x17\xe4\xf6b\x9aw\xca\xf26\xb0n\xef\xa6\x19\xa7/3s\xf4\xda\xb3\xb5Fl\xdco\xca\x00\x00\x00Mxa\xfcD\xa03\xf7\"?Z\x84\xf9\x9es\x10\xb4\xaa\x10Z\x0f0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:22 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 239.670532][T10222] FAT-fs (loop1): bogus number of reserved sectors [ 239.750233][T10222] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:22 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x0, 0x0, 0x0, 0x0) 13:07:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) close(r1) 13:07:22 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 240.040746][T10246] FAT-fs (loop1): bogus number of reserved sectors 13:07:22 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 240.103123][T10246] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:22 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:22 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x6, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) mq_open(0x0, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 13:07:23 executing program 5: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndtimer(&(0x7f00000003c0)='/dev/snd/timer\x00', 0x0, 0x8402) 13:07:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) close(r1) 13:07:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x0, &(0x7f0000000140), 0x0, 0x0) 13:07:23 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) close(r1) 13:07:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 240.394783][T10271] FAT-fs (loop1): bogus number of reserved sectors [ 240.423083][T10271] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14102e, 0x0) write$FUSE_WRITE(r2, &(0x7f00000002c0)={0x18}, 0x18) 13:07:23 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0xffffff88, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0xffffffffffffffba, 0x0, 0x0, 0xb2) r1 = syz_open_procfs(0x0, &(0x7f0000000600)='net/fib_trie\x00') r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x100000002) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) dup2(r2, r0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = creat(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0) ioctl$RTC_RD_TIME(r2, 0x80247009, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000) preadv(r1, &(0x7f00000017c0), 0x199, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 13:07:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x0, &(0x7f0000000140), 0x0, 0x0) 13:07:23 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) [ 240.761424][T10296] FAT-fs (loop1): bogus number of reserved sectors [ 240.782187][ T26] audit: type=1400 audit(1572095243.580:59): avc: denied { map } for pid=10286 comm="syz-executor.0" path="/dev/ashmem" dev="devtmpfs" ino=18080 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 240.840320][T10296] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:23 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:23 executing program 5: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) close(r0) 13:07:23 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0xffffffffffffffba, 0x0, 0x0, 0xb2) syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x0) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) dup2(r1, r0) 13:07:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x0, &(0x7f0000000140), 0x0, 0x0) 13:07:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) [ 240.987431][T10311] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present 13:07:23 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:23 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 241.117848][T10322] FAT-fs (loop1): bogus number of reserved sectors [ 241.147025][T10322] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) 13:07:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) [ 241.328388][T10338] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present 13:07:24 executing program 0: r0 = shmget$private(0x0, 0x600000, 0x0, &(0x7f0000a00000/0x600000)=nil) munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000) r1 = shmat(r0, &(0x7f0000e80000/0x2000)=nil, 0x0) mlock(&(0x7f0000fab000/0x4000)=nil, 0x4000) shmdt(r1) 13:07:24 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) 13:07:24 executing program 5: 13:07:24 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 241.531874][T10344] FAT-fs (loop1): bogus number of reserved sectors [ 241.551503][T10344] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:24 executing program 5: 13:07:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) [ 241.647116][T10362] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present 13:07:24 executing program 0: gettid() accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r2}]]}}}]}, 0x38}}, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) 13:07:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) 13:07:24 executing program 5: getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001280)={0x0, @local, @remote}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004340)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001e80), 0x0, &(0x7f0000001f00)=[@ip_retopts={{0x10}}], 0x10}}, {{&(0x7f0000001f40)={0x2, 0x4e24, @rand_addr=0x4}, 0x10, &(0x7f0000002fc0)}}], 0x3, 0x0) sched_setattr(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x80000) creat(&(0x7f0000000e40)='./file0\x00', 0x80) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) socket$nl_generic(0x10, 0x3, 0x10) sendto$inet(r0, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27) getpid() 13:07:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) 13:07:24 executing program 3: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:24 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:24 executing program 0: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) 13:07:24 executing program 3: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:24 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 242.028787][T10386] FAT-fs (loop1): bogus number of reserved sectors [ 242.035427][T10386] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:25 executing program 3: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r2}, 0x10) close(0xffffffffffffffff) 13:07:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) 13:07:25 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_LINK={0x8, 0x2, r2}]]}}}]}, 0x38}}, 0x0) 13:07:25 executing program 0: 13:07:25 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 242.418777][T10410] FAT-fs (loop1): bogus number of reserved sectors [ 242.440747][T10410] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:25 executing program 5: 13:07:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r2}, 0x10) close(0xffffffffffffffff) 13:07:25 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:25 executing program 0: 13:07:25 executing program 5: 13:07:25 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0) 13:07:25 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r2}, 0x10) close(0xffffffffffffffff) [ 242.840913][T10438] FAT-fs (loop1): bogus number of reserved sectors 13:07:25 executing program 0: 13:07:25 executing program 5: 13:07:25 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 242.949202][T10438] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:25 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:25 executing program 5: 13:07:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0) 13:07:25 executing program 0: 13:07:26 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:26 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:26 executing program 5: 13:07:26 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) [ 243.368633][T10469] FAT-fs (loop1): bogus number of reserved sectors [ 243.415270][T10469] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:26 executing program 0: 13:07:26 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:26 executing program 5: 13:07:26 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:26 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:26 executing program 0: 13:07:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{}], 0x0, 0x0) 13:07:26 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:26 executing program 0: 13:07:26 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:26 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:26 executing program 5: [ 243.787910][T10499] FAT-fs (loop1): bogus number of reserved sectors [ 243.795147][T10499] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:26 executing program 0: 13:07:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e666134", 0xb}], 0x0, 0x0) 13:07:26 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:26 executing program 5: 13:07:26 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) [ 244.083120][T10516] FAT-fs (loop1): bogus number of reserved sectors 13:07:26 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 244.156222][T10516] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:27 executing program 0: 13:07:27 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) 13:07:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e666134", 0xb}], 0x0, 0x0) 13:07:27 executing program 5: 13:07:27 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:27 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 244.427172][T10536] FAT-fs (loop1): bogus number of reserved sectors [ 244.457384][T10536] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:27 executing program 0: 13:07:27 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) 13:07:27 executing program 5: 13:07:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e666134", 0xb}], 0x0, 0x0) 13:07:27 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:27 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:27 executing program 0: 13:07:27 executing program 5: 13:07:27 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)) [ 244.827103][T10561] FAT-fs (loop1): bogus number of reserved sectors 13:07:27 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 244.888545][T10561] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:27 executing program 5: 13:07:27 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:27 executing program 0: 13:07:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01", 0x11}], 0x0, 0x0) 13:07:27 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, 0x0) 13:07:28 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:28 executing program 0: 13:07:28 executing program 5: 13:07:28 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r0) 13:07:28 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, 0x0) [ 245.326447][T10589] FAT-fs (loop1): invalid media value (0x00) 13:07:28 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 245.453274][T10589] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:28 executing program 0: 13:07:28 executing program 5: 13:07:28 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, 0x0) 13:07:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01", 0x11}], 0x0, 0x0) 13:07:28 executing program 0: 13:07:28 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:28 executing program 5: 13:07:28 executing program 4: 13:07:28 executing program 0: [ 245.886758][T10622] FAT-fs (loop1): invalid media value (0x00) [ 245.916957][T10622] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01", 0x11}], 0x0, 0x0) 13:07:28 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:28 executing program 4: 13:07:28 executing program 0: 13:07:28 executing program 5: 13:07:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 246.254201][T10647] FAT-fs (loop1): invalid media value (0x00) 13:07:29 executing program 0: 13:07:29 executing program 4: [ 246.303510][T10647] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:29 executing program 5: 13:07:29 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270", 0x14}], 0x0, 0x0) 13:07:29 executing program 0: 13:07:29 executing program 4: 13:07:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 246.574610][T10665] FAT-fs (loop1): invalid media value (0x00) [ 246.609485][T10665] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:29 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:29 executing program 0: 13:07:29 executing program 5: 13:07:29 executing program 4: 13:07:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270", 0x14}], 0x0, 0x0) 13:07:29 executing program 0: 13:07:29 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:29 executing program 4: 13:07:29 executing program 5: [ 247.016894][T10686] FAT-fs (loop1): invalid media value (0x00) 13:07:29 executing program 0: 13:07:29 executing program 5: 13:07:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:30 executing program 4: [ 247.148333][T10686] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:30 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:30 executing program 4: 13:07:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270", 0x14}], 0x0, 0x0) 13:07:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:30 executing program 0: 13:07:30 executing program 5: 13:07:30 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:30 executing program 0: [ 247.549546][T10722] FAT-fs (loop1): invalid media value (0x00) 13:07:30 executing program 4: 13:07:30 executing program 5: 13:07:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 247.608882][T10722] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:30 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270ff", 0x15}], 0x0, 0x0) 13:07:30 executing program 0: 13:07:30 executing program 4: 13:07:30 executing program 5: 13:07:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 247.923376][T10742] FAT-fs (loop1): invalid media value (0x00) 13:07:30 executing program 4: 13:07:30 executing program 0: [ 247.964241][T10742] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:30 executing program 5: 13:07:30 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270ff", 0x15}], 0x0, 0x0) 13:07:30 executing program 4: 13:07:30 executing program 5: 13:07:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:31 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:31 executing program 0: 13:07:31 executing program 4: [ 248.382067][T10771] FAT-fs (loop1): invalid media value (0x00) 13:07:31 executing program 5: 13:07:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 248.455786][T10771] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:31 executing program 0: 13:07:31 executing program 4: 13:07:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270ff", 0x15}], 0x0, 0x0) 13:07:31 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:31 executing program 5: 13:07:31 executing program 0: 13:07:31 executing program 4: [ 248.784617][T10792] FAT-fs (loop1): invalid media value (0x00) [ 248.847977][T10792] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:31 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:31 executing program 5: 13:07:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:31 executing program 0: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0xbcd8781b067b5e83) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) close(r1) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000780)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8943, &(0x7f0000000680)='nr0\x01\x00\x00\xc3\x00') 13:07:31 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0xffffffffffffffba, 0x0, 0x0, 0xb2) syz_open_procfs(0x0, &(0x7f0000000600)='net/fib_trie\x00') r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) dup2(r1, r0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 13:07:31 executing program 1: open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) rmdir(&(0x7f0000000080)='./file0\x00') 13:07:32 executing program 5: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, 0x0) socket$packet(0x11, 0x1, 0x300) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'\xdf\xfc\xff'}, &(0x7f0000000080), 0x0) add_key$keyring(&(0x7f0000000200)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') request_key(&(0x7f0000000000)='user\x00', 0x0, 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)) fcntl$setpipe(r1, 0x407, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x1, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) splice(r0, 0x0, r2, 0x0, 0x30005, 0x0) 13:07:32 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:32 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40086602, 0x400007) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x20032600) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) socket$inet6_tcp(0xa, 0x1, 0x0) set_thread_area(0x0) 13:07:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) close(r1) [ 249.425667][T10825] device nr0 entered promiscuous mode 13:07:32 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:33 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:33 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x18450, 0xfffffffffffffffd}, 0x0, 0x4, 0xffffffffffffffff, 0x0) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0xfffffffffffffef1, &(0x7f0000000140)={&(0x7f000000a000)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "0327e1b22b5fcef700580f02000000003f420f000000000000580f0200000000ee420f0000000000856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x2000a048}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r1) fstat(r1, &(0x7f0000000000)) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 13:07:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) close(r1) 13:07:33 executing program 1 (fault-call:0 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:33 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:33 executing program 5 (fault-call:3 fault-nth:0): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 250.562536][T10888] FAULT_INJECTION: forcing a failure. [ 250.562536][T10888] name failslab, interval 1, probability 0, space 0, times 1 [ 250.584406][T10890] FAULT_INJECTION: forcing a failure. [ 250.584406][T10890] name failslab, interval 1, probability 0, space 0, times 1 13:07:33 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 250.626332][T10888] CPU: 0 PID: 10888 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 250.634275][T10888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 250.644341][T10888] Call Trace: [ 250.647744][T10888] dump_stack+0x172/0x1f0 [ 250.652117][T10888] should_fail.cold+0xa/0x15 [ 250.656729][T10888] ? fault_create_debugfs_attr+0x180/0x180 [ 250.662579][T10888] ? ___might_sleep+0x163/0x2c0 [ 250.667446][T10888] __should_failslab+0x121/0x190 [ 250.672382][T10888] should_failslab+0x9/0x14 [ 250.676894][T10888] __kmalloc+0x2e0/0x770 [ 250.682121][T10888] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 250.688552][T10888] ? fput_many+0x12c/0x1a0 [ 250.694037][T10888] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 250.700294][T10888] ? strnlen_user+0x1ed/0x2e0 [ 250.705077][T10888] ? __x64_sys_memfd_create+0x13c/0x470 [ 250.710641][T10888] __x64_sys_memfd_create+0x13c/0x470 [ 250.716101][T10888] ? memfd_fcntl+0x18c0/0x18c0 [ 250.720879][T10888] ? do_syscall_64+0x26/0x760 13:07:33 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b00") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 250.725602][T10888] ? lockdep_hardirqs_on+0x421/0x5e0 [ 250.730907][T10888] ? trace_hardirqs_on+0x67/0x240 [ 250.735963][T10888] do_syscall_64+0xfa/0x760 [ 250.740566][T10888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 250.746487][T10888] RIP: 0033:0x459f39 [ 250.750381][T10888] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 250.770186][T10888] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 250.778612][T10888] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 250.786693][T10888] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 [ 250.794773][T10888] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 250.794789][T10888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 250.794796][T10888] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 [ 250.842908][T10890] CPU: 1 PID: 10890 Comm: syz-executor.5 Not tainted 5.4.0-rc4+ #0 [ 250.850843][T10890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 250.860897][T10890] Call Trace: [ 250.860926][T10890] dump_stack+0x172/0x1f0 [ 250.860948][T10890] should_fail.cold+0xa/0x15 [ 250.860966][T10890] ? fault_create_debugfs_attr+0x180/0x180 [ 250.860987][T10890] ? ___might_sleep+0x163/0x2c0 [ 250.861005][T10890] __should_failslab+0x121/0x190 [ 250.861022][T10890] should_failslab+0x9/0x14 [ 250.861034][T10890] __kmalloc+0x2e0/0x770 [ 250.861046][T10890] ? mark_held_locks+0xf0/0xf0 [ 250.861061][T10890] ? _parse_integer+0x190/0x190 [ 250.861077][T10890] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 250.861094][T10890] tomoyo_realpath_from_path+0xcd/0x7b0 [ 250.861112][T10890] ? tomoyo_path_number_perm+0x193/0x520 [ 250.902559][T10890] tomoyo_path_number_perm+0x1dd/0x520 [ 250.918626][T10890] ? tomoyo_path_number_perm+0x193/0x520 [ 250.935314][T10890] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 250.941226][T10890] ? __f_unlock_pos+0x19/0x20 [ 250.945928][T10890] ? ___might_sleep+0x163/0x2c0 [ 250.950810][T10890] ? selinux_file_mprotect+0x620/0x620 [ 250.956301][T10890] ? __fget+0x384/0x560 [ 250.960567][T10890] ? ksys_dup3+0x3e0/0x3e0 [ 250.965011][T10890] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 250.971279][T10890] ? fput_many+0x12c/0x1a0 [ 250.971303][T10890] tomoyo_file_ioctl+0x23/0x30 [ 250.980486][T10890] security_file_ioctl+0x77/0xc0 [ 250.985468][T10890] ksys_ioctl+0x57/0xd0 13:07:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x1e, 0x2, 0x0) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0xff37) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000140)={r4, 0xc}, &(0x7f0000000180)=0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r6, 0x40505330, &(0x7f00000001c0)={{0x38}, {0x9e, 0x1}, 0xfffffffd, 0xbf610df2783feebc, 0x1f}) r7 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x400, 0x60}, 0xc) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r8, &(0x7f0000000a40), 0x8000000000000b0, 0x101d0) 13:07:33 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000040)=0x36, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) open_by_handle_at(r0, &(0x7f0000000080)={0x9, 0x20000000001, "11"}, 0x0) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x10080, 0x0) connect$vsock_stream(r3, &(0x7f0000000300)={0x28, 0x0, 0xffffffff, @host}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x10, 0x6, &(0x7f00000000c0)=@raw=[@map_val={0x18, 0x7, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @exit, @generic={0x14, 0xb, 0x7, 0x8000, 0x2}, @alu={0x4, 0x1, 0xd, 0x1, 0xa, 0xfffffffffffffff8, 0xfffffffffffffffc}, @ldst={0x3, 0x1, 0x1, 0x7, 0x4, 0x6244d9ca9eef6821, 0x21c63a8aea458a13}], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x62, &(0x7f0000000140)=""/98, 0x40f00, 0x0, [], 0x0, 0xf, r3, 0x8, &(0x7f0000000200)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x3, 0x80, 0x3}, 0x10}, 0x70) [ 250.989643][T10890] __x64_sys_ioctl+0x73/0xb0 [ 250.994322][T10890] do_syscall_64+0xfa/0x760 [ 250.994350][T10890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 251.004912][T10890] RIP: 0033:0x459f39 [ 251.008818][T10890] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.028609][T10890] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:07:33 executing program 1 (fault-call:0 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 251.037029][T10890] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 [ 251.045010][T10890] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 251.052994][T10890] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 251.061066][T10890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 [ 251.069052][T10890] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 13:07:33 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 251.164752][T10912] FAULT_INJECTION: forcing a failure. [ 251.164752][T10912] name failslab, interval 1, probability 0, space 0, times 0 [ 251.212849][T10890] ERROR: Out of memory at tomoyo_realpath_from_path. [ 251.220026][T10912] CPU: 0 PID: 10912 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 251.228127][T10912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.238288][T10912] Call Trace: [ 251.241597][T10912] dump_stack+0x172/0x1f0 [ 251.245958][T10912] should_fail.cold+0xa/0x15 [ 251.250574][T10912] ? fault_create_debugfs_attr+0x180/0x180 [ 251.256509][T10912] ? ___might_sleep+0x163/0x2c0 [ 251.262333][T10912] __should_failslab+0x121/0x190 [ 251.267283][T10912] ? shmem_destroy_inode+0x80/0x80 [ 251.272422][T10912] should_failslab+0x9/0x14 [ 251.277069][T10912] kmem_cache_alloc+0x2aa/0x710 [ 251.284002][T10912] ? __alloc_fd+0x487/0x620 [ 251.288539][T10912] ? shmem_destroy_inode+0x80/0x80 [ 251.293691][T10912] shmem_alloc_inode+0x1c/0x50 [ 251.298586][T10912] alloc_inode+0x68/0x1e0 [ 251.302982][T10912] new_inode_pseudo+0x19/0xf0 [ 251.307771][T10912] new_inode+0x1f/0x40 [ 251.311866][T10912] shmem_get_inode+0x84/0x7e0 [ 251.316563][T10912] __shmem_file_setup.part.0+0x7e/0x2b0 [ 251.322125][T10912] shmem_file_setup+0x66/0x90 [ 251.326824][T10912] __x64_sys_memfd_create+0x2a2/0x470 [ 251.332209][T10912] ? memfd_fcntl+0x18c0/0x18c0 [ 251.336989][T10912] ? do_syscall_64+0x26/0x760 [ 251.341691][T10912] ? lockdep_hardirqs_on+0x421/0x5e0 [ 251.347196][T10912] ? trace_hardirqs_on+0x67/0x240 [ 251.352241][T10912] do_syscall_64+0xfa/0x760 [ 251.356766][T10912] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 251.362669][T10912] RIP: 0033:0x459f39 [ 251.366586][T10912] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.386526][T10912] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 251.395085][T10912] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 251.403184][T10912] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 13:07:34 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800b5055e0bcfe87b0071") r1 = socket$inet(0x10, 0x800, 0x7b) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="24000000180007041dfffd946f6105000a00000a1f000007002808000800080004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 251.411165][T10912] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 251.419146][T10912] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 251.427127][T10912] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:34 executing program 0: syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f0000000080)=""/61) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x8000) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000340)={0x1f, {{0xa, 0x4e24, 0x600, @rand_addr="c29ca12079377049fc2c32172be60513", 0x2d9a13b7}}}, 0x88) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) r3 = fcntl$getown(r2, 0x9) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={r3, r1, 0x0, 0x16, &(0x7f0000000300)='lo!bdeveth0^mime_type\x00'}, 0x30) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000200)) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$reject(0x13, 0x0, 0x800000000200, 0x5, r4) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {}], {}, [{}, {}, {}, {}, {}]}, 0x5c, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f66697c65302c6c6f7765726482723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00d5edbbc07755fc85ba71b95c991ca7ee9ec0a9093643dd19d67ac6a4e2ea499a93a3578bf0957cd9419dd181b1c15fd645"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) setresuid(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x2400, 0x200) setregid(0x0, 0x0) 13:07:34 executing program 5 (fault-call:3 fault-nth:1): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:34 executing program 1 (fault-call:0 fault-nth:2): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:34 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b808000030090000616d6f6e670000000000000000000000000000000000000000000000000000002008000000000000140400000c000000000000000aaaaaa9000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c7f8f1b44f0000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009abde2255a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000d00000000000000000000000000000000000000000000000000fffffff90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f2573bd04a33729f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000003f7f1c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3d2e85100000000000000000000000000000000000000000000000000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000a600a9e85725d89818472e65aba21d9bbc1b20e8331c6fd24a5aceaeefe102e42a013ac2c00eeb782c34eab997013e0506220c21a44cc58ff5bc83d5e4066c770000000000000000000000003e1d6ee45a8c660a09beae6fa78b48a10504ab6434981a3810fc6a8e5cb7fe38f5b379e6c75525c253f79d028b1da43b78652800d65bd2d687570faca43278fbc1a9336554d538a006e3a6a85441e28f"]}, 0xa58) r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000000, 0x10010, r2, 0xc0a2000) [ 251.706096][T10933] FAULT_INJECTION: forcing a failure. [ 251.706096][T10933] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 251.719521][T10933] CPU: 1 PID: 10933 Comm: syz-executor.5 Not tainted 5.4.0-rc4+ #0 [ 251.727416][T10933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.737567][T10933] Call Trace: [ 251.740880][T10933] dump_stack+0x172/0x1f0 [ 251.745330][T10933] should_fail.cold+0xa/0x15 [ 251.749940][T10933] ? fault_create_debugfs_attr+0x180/0x180 [ 251.755935][T10933] ? __kasan_check_read+0x11/0x20 [ 251.761002][T10933] should_fail_alloc_page+0x50/0x60 [ 251.766205][T10933] __alloc_pages_nodemask+0x1a1/0x900 [ 251.771592][T10933] ? avc_has_extended_perms+0x8e4/0x1100 [ 251.777250][T10933] ? __alloc_pages_slowpath+0x2920/0x2920 [ 251.783599][T10933] ? __kasan_check_read+0x11/0x20 [ 251.788655][T10933] ? fault_create_debugfs_attr+0x180/0x180 [ 251.794598][T10933] cache_grow_begin+0x90/0xd20 [ 251.799387][T10933] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 251.805482][T10933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 251.811764][T10933] __kmalloc+0x6b2/0x770 [ 251.816019][T10933] ? mark_held_locks+0xf0/0xf0 [ 251.820823][T10933] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 251.826577][T10933] tomoyo_realpath_from_path+0xcd/0x7b0 [ 251.832256][T10933] ? tomoyo_path_number_perm+0x193/0x520 [ 251.837914][T10933] tomoyo_path_number_perm+0x1dd/0x520 [ 251.843451][T10928] overlayfs: unrecognized mount option "lowerd‚r=./file0" or missing value [ 251.852043][T10933] ? tomoyo_path_number_perm+0x193/0x520 [ 251.852061][T10933] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 251.852075][T10933] ? __f_unlock_pos+0x19/0x20 [ 251.852100][T10933] ? ___might_sleep+0x163/0x2c0 [ 251.852132][T10933] ? selinux_file_mprotect+0x620/0x620 [ 251.852143][T10933] ? __fget+0x384/0x560 [ 251.852164][T10933] ? ksys_dup3+0x3e0/0x3e0 [ 251.852181][T10933] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 251.852194][T10933] ? fput_many+0x12c/0x1a0 [ 251.852212][T10933] tomoyo_file_ioctl+0x23/0x30 [ 251.852235][T10933] security_file_ioctl+0x77/0xc0 [ 251.907682][T10933] ksys_ioctl+0x57/0xd0 [ 251.911861][T10933] __x64_sys_ioctl+0x73/0xb0 [ 251.916471][T10933] do_syscall_64+0xfa/0x760 [ 251.921002][T10933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 251.926905][T10933] RIP: 0033:0x459f39 [ 251.930813][T10933] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 13:07:34 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, 0x0, 0x0, 0x0) 13:07:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b808000030090000616d6f6e670000000000000000000000000000000000000000000000000000002008000000000000140400000c000000000000000aaaaaa9000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c7f8f1b44f0000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009abde2255a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000d00000000000000000000000000000000000000000000000000fffffff90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f2573bd04a33729f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000003f7f1c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3d2e85100000000000000000000000000000000000000000000000000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000a600a9e85725d89818472e65aba21d9bbc1b20e8331c6fd24a5aceaeefe102e42a013ac2c00eeb782c34eab997013e0506220c21a44cc58ff5bc83d5e4066c770000000000000000000000003e1d6ee45a8c660a09beae6fa78b48a10504ab6434981a3810fc6a8e5cb7fe38f5b379e6c75525c253f79d028b1da43b78652800d65bd2d687570faca43278fbc1a9336554d538a006e3a6a85441e28f"]}, 0xa58) r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000000, 0x10010, r2, 0xc0a2000) [ 251.950512][T10933] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.959153][T10933] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 [ 251.967416][T10933] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 251.975399][T10933] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 251.983385][T10933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 [ 251.991457][T10933] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 [ 252.009410][T10946] FAULT_INJECTION: forcing a failure. [ 252.009410][T10946] name failslab, interval 1, probability 0, space 0, times 0 [ 252.035510][T10946] CPU: 1 PID: 10946 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 252.043450][T10946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.053605][T10946] Call Trace: [ 252.053636][T10946] dump_stack+0x172/0x1f0 [ 252.053659][T10946] should_fail.cold+0xa/0x15 [ 252.053681][T10946] ? fault_create_debugfs_attr+0x180/0x180 [ 252.053700][T10946] ? ___might_sleep+0x163/0x2c0 [ 252.053718][T10946] __should_failslab+0x121/0x190 [ 252.053736][T10946] should_failslab+0x9/0x14 [ 252.053750][T10946] kmem_cache_alloc+0x2aa/0x710 [ 252.053771][T10946] ? __put_user_ns+0x70/0x70 [ 252.076589][T10946] ? percpu_ref_put_many+0xb6/0x190 [ 252.076614][T10946] security_inode_alloc+0x39/0x160 [ 252.076635][T10946] inode_init_always+0x56e/0xba0 [ 252.076653][T10946] alloc_inode+0x89/0x1e0 [ 252.076667][T10946] new_inode_pseudo+0x19/0xf0 [ 252.076683][T10946] new_inode+0x1f/0x40 [ 252.076699][T10946] shmem_get_inode+0x84/0x7e0 [ 252.076721][T10946] __shmem_file_setup.part.0+0x7e/0x2b0 [ 252.076745][T10946] shmem_file_setup+0x66/0x90 [ 252.091124][T10946] __x64_sys_memfd_create+0x2a2/0x470 [ 252.091143][T10946] ? memfd_fcntl+0x18c0/0x18c0 [ 252.091156][T10946] ? do_syscall_64+0x26/0x760 [ 252.091176][T10946] ? lockdep_hardirqs_on+0x421/0x5e0 13:07:35 executing program 5 (fault-call:3 fault-nth:2): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 252.159851][T10946] ? trace_hardirqs_on+0x67/0x240 [ 252.164896][T10946] do_syscall_64+0xfa/0x760 [ 252.169419][T10946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.175331][T10946] RIP: 0033:0x459f39 [ 252.179320][T10946] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.199131][T10946] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 13:07:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x0, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 252.207560][T10946] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 252.215541][T10946] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 [ 252.223526][T10946] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 252.231495][T10946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 252.231504][T10946] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:35 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, 0x0, 0x0, 0x0) [ 252.329204][T10954] FAULT_INJECTION: forcing a failure. [ 252.329204][T10954] name failslab, interval 1, probability 0, space 0, times 0 [ 252.367394][T10954] CPU: 1 PID: 10954 Comm: syz-executor.5 Not tainted 5.4.0-rc4+ #0 [ 252.377856][T10954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.389485][T10954] Call Trace: [ 252.392798][T10954] dump_stack+0x172/0x1f0 [ 252.397149][T10954] should_fail.cold+0xa/0x15 [ 252.401762][T10954] ? fault_create_debugfs_attr+0x180/0x180 [ 252.407599][T10954] ? ___might_sleep+0x163/0x2c0 [ 252.412848][T10954] __should_failslab+0x121/0x190 [ 252.417846][T10954] should_failslab+0x9/0x14 [ 252.422413][T10954] __kmalloc+0x2e0/0x770 [ 252.426653][T10954] ? __might_fault+0x12b/0x1e0 [ 252.426670][T10954] ? find_held_lock+0x35/0x130 [ 252.426766][T10954] ? snd_ctl_new+0x5c/0x1b0 [ 252.426782][T10954] snd_ctl_new+0x5c/0x1b0 [ 252.426802][T10954] snd_ctl_elem_add+0x544/0x13e0 [ 252.450070][T10954] ? snd_ctl_new1+0x6a0/0x6a0 [ 252.454777][T10954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.461244][T10954] ? _copy_from_user+0x12c/0x1a0 [ 252.466200][T10954] snd_ctl_elem_add_user+0xc6/0x180 [ 252.471423][T10954] ? snd_ctl_elem_add_compat+0x3f0/0x3f0 [ 252.477071][T10954] ? tomoyo_path_number_perm+0x214/0x520 [ 252.482760][T10954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 252.489299][T10954] ? tomoyo_path_number_perm+0x263/0x520 [ 252.494988][T10954] snd_ctl_ioctl+0x937/0xf50 [ 252.499773][T10954] ? snd_ctl_elem_add_user+0x180/0x180 [ 252.505253][T10954] ? ___might_sleep+0x163/0x2c0 [ 252.510147][T10954] ? snd_ctl_elem_add_user+0x180/0x180 [ 252.515718][T10954] do_vfs_ioctl+0xdb6/0x13e0 [ 252.520326][T10954] ? ioctl_preallocate+0x210/0x210 13:07:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x0, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 252.525538][T10954] ? selinux_file_mprotect+0x620/0x620 [ 252.531009][T10954] ? __fget+0x384/0x560 [ 252.535620][T10954] ? ksys_dup3+0x3e0/0x3e0 [ 252.540087][T10954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 252.546342][T10954] ? fput_many+0x12c/0x1a0 [ 252.550803][T10954] ? tomoyo_file_ioctl+0x23/0x30 [ 252.555769][T10954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.562224][T10954] ? security_file_ioctl+0x8d/0xc0 [ 252.567351][T10954] ksys_ioctl+0xab/0xd0 [ 252.571624][T10954] __x64_sys_ioctl+0x73/0xb0 [ 252.576226][T10954] do_syscall_64+0xfa/0x760 [ 252.581265][T10954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.587164][T10954] RIP: 0033:0x459f39 [ 252.591071][T10954] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.610948][T10954] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 252.619488][T10954] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 13:07:35 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, 0x0, 0x0, 0x0) 13:07:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(r2, 0x0, 0xfffffffffffffed0, 0x10000000, 0x0, 0xc0) r3 = perf_event_open(&(0x7f0000000bc0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000480)='./file1\x00') stat(0x0, 0x0) shmget$private(0x0, 0x3000, 0x4, &(0x7f0000ffb000/0x3000)=nil) shmctl$SHM_STAT(0x0, 0xd, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x24, &(0x7f0000000240), &(0x7f0000000000)=0xc) accept(r0, &(0x7f00000003c0)=@x25, &(0x7f0000000540)=0x80) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") getsockopt$sock_cred(r5, 0x1, 0x24, &(0x7f0000caaffb)={0x0}, &(0x7f0000000000)=0xc) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000d40)={{{@in6=@remote, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000004c0)=0x101b9) lstat(&(0x7f0000000180)='./file1\x00', &(0x7f0000000700)) ioctl$sock_SIOCGPGRP(r2, 0x8904, 0x0) gettid() ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, 0x0) r7 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x80200) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000080)={[], 0x8000, 0x400, 0x7d, 0xfffe, 0x100000005}) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x0, 0x0, 0x40, 0x0, 0x8, 0x400, 0xe, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0xffffffffffffffff, 0x8001, 0x1, 0x9e6f, 0x73d9, 0x6, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x5, 0x3, 0x0, 0x3, 0x1, 0x6, 0x401, 0x1, 0x0, 0x200, 0x0, 0x80000002, 0x6, @perf_config_ext={0x100000001}, 0x500, 0x2, 0x5, 0x0, 0x0, 0x8a80, 0xc1f}, r6, 0xffffffffffffffff, r3, 0x0) r8 = request_key(&(0x7f00000005c0)='cifs.idmap\x00', &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000980)='kfX\xb4\x8f\xbb\x96\xd9W\x16\xfc\xc2dlyring&-\x00\x83\xf2X\xcd\x82\x88\xe3\xda\xe0<\xe7:\x1e_\xb8\xc7x\xbfK:\x91!\xe7\x1b#\xe0\xcc8\x1a\x86?\xa6\x1c\xda\xf0\xaa\x83\x9c\xdeA#\xd2\xaeV\x04\x8b\'\xe9\b\xd1fq\x85\\\xf9=\xe9\xbaQ\x9d\v\xd0\b\xd0wz\n\x15y\xf6\xc2\x9ee>\xc1\xed\xd2@\xd5D\xf17)3\f}R\"\xaeQw\x12\xbc\xb6\xc4\x9d5mr\x84E\x1b\xf4\xe9\x7fR\x83\x82\xcb\\\x95\x05\xd5\xc2y4h\xc3\xd8o[\xc6[\x80Y\xb0\xb0q.X\xa43\xd4\x84K\xf6\xbcsR\\\xa4\xfb\xfcX\x04\x00\xb2\xb4\x9e;*\xab\xf2', 0x0) add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000ac0)="31dd4716685defc91faf1b23c88eda517a62f85a360a5d947e75bb898f3e44e1c6fdd147162406b0cf9cfce97e6d223d52b02bc57ef9ce3a68cb44d820614f5434374e722a8244916e6d2a8a7c568d3e101d6da45a23b07f4036cccc437625f7d6396d8c1208aa01cdbfd75389c41f014df1bb910a6581e2406ed1e0733d5c411972231947f0885ede1093b24e760e782d0b96a36a106dc17fb58c39fe4e691cccf756316e58ac379f8a394953412716246c5c7a00cd8323cf42a5e5be20d2b0ebdaa554baa2c6d189a7ac03e9d80c6d6fc7cbdee992e85880abb0a5a522d3ff341c60e1861fb4", 0xe7}], 0x1, r8) setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000280)=0x2, 0x4) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000640)) sendto$inet(0xffffffffffffffff, 0x0, 0x3aa, 0x4000000, 0x0, 0xfea3) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000100)="f500", 0x10) [ 252.627584][T10954] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 252.635654][T10954] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 252.643895][T10954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 [ 252.652161][T10954] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 13:07:35 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fdatasync(r1) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x3b7, &(0x7f0000000040)={&(0x7f00000000c0)={0x24, 0x33, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0xc, 0x1, [@typed={0x6, 0x6, @u32}]}]}, 0x24}, 0x1, 0xf0ffff}, 0x0) fcntl$getownex(r3, 0x10, &(0x7f00000001c0)={0x0, 0x0}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)=0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x3b7, &(0x7f0000000040)={&(0x7f00000000c0)={0x24, 0x33, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0xc, 0x1, [@typed={0x6, 0x6, @u32}]}]}, 0x24}, 0x1, 0xf0ffff}, 0x0) kcmp(r4, r5, 0x2, r7, r8) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000180)=0x3) shmget(0x1, 0x2000, 0x1000, &(0x7f0000ffb000/0x2000)=nil) shmctl$IPC_RMID(0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x8, 0x20001) r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r9, 0x84, 0x7, &(0x7f00000000c0)={0xff}, 0x4) socket$netlink(0x10, 0x3, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r10) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) 13:07:35 executing program 1 (fault-call:0 fault-nth:3): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x0, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:35 executing program 5 (fault-call:3 fault-nth:3): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:35 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740), 0x0, 0x0) [ 252.975121][T10978] openvswitch: netlink: EtherType 0 is less than min 600 13:07:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(r2, 0x0, 0xfffffffffffffed0, 0x10000000, 0x0, 0xc0) r3 = perf_event_open(&(0x7f0000000bc0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000480)='./file1\x00') stat(0x0, 0x0) shmget$private(0x0, 0x3000, 0x4, &(0x7f0000ffb000/0x3000)=nil) shmctl$SHM_STAT(0x0, 0xd, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x24, &(0x7f0000000240), &(0x7f0000000000)=0xc) accept(r0, &(0x7f00000003c0)=@x25, &(0x7f0000000540)=0x80) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") getsockopt$sock_cred(r5, 0x1, 0x24, &(0x7f0000caaffb)={0x0}, &(0x7f0000000000)=0xc) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000d40)={{{@in6=@remote, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000004c0)=0x101b9) lstat(&(0x7f0000000180)='./file1\x00', &(0x7f0000000700)) ioctl$sock_SIOCGPGRP(r2, 0x8904, 0x0) gettid() ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, 0x0) r7 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x80200) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000080)={[], 0x8000, 0x400, 0x7d, 0xfffe, 0x100000005}) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x0, 0x0, 0x0, 0x40, 0x0, 0x8, 0x400, 0xe, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0xffffffffffffffff, 0x8001, 0x1, 0x9e6f, 0x73d9, 0x6, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x5, 0x3, 0x0, 0x3, 0x1, 0x6, 0x401, 0x1, 0x0, 0x200, 0x0, 0x80000002, 0x6, @perf_config_ext={0x100000001}, 0x500, 0x2, 0x5, 0x0, 0x0, 0x8a80, 0xc1f}, r6, 0xffffffffffffffff, r3, 0x0) r8 = request_key(&(0x7f00000005c0)='cifs.idmap\x00', &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000980)='kfX\xb4\x8f\xbb\x96\xd9W\x16\xfc\xc2dlyring&-\x00\x83\xf2X\xcd\x82\x88\xe3\xda\xe0<\xe7:\x1e_\xb8\xc7x\xbfK:\x91!\xe7\x1b#\xe0\xcc8\x1a\x86?\xa6\x1c\xda\xf0\xaa\x83\x9c\xdeA#\xd2\xaeV\x04\x8b\'\xe9\b\xd1fq\x85\\\xf9=\xe9\xbaQ\x9d\v\xd0\b\xd0wz\n\x15y\xf6\xc2\x9ee>\xc1\xed\xd2@\xd5D\xf17)3\f}R\"\xaeQw\x12\xbc\xb6\xc4\x9d5mr\x84E\x1b\xf4\xe9\x7fR\x83\x82\xcb\\\x95\x05\xd5\xc2y4h\xc3\xd8o[\xc6[\x80Y\xb0\xb0q.X\xa43\xd4\x84K\xf6\xbcsR\\\xa4\xfb\xfcX\x04\x00\xb2\xb4\x9e;*\xab\xf2', 0x0) add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000ac0)="31dd4716685defc91faf1b23c88eda517a62f85a360a5d947e75bb898f3e44e1c6fdd147162406b0cf9cfce97e6d223d52b02bc57ef9ce3a68cb44d820614f5434374e722a8244916e6d2a8a7c568d3e101d6da45a23b07f4036cccc437625f7d6396d8c1208aa01cdbfd75389c41f014df1bb910a6581e2406ed1e0733d5c411972231947f0885ede1093b24e760e782d0b96a36a106dc17fb58c39fe4e691cccf756316e58ac379f8a394953412716246c5c7a00cd8323cf42a5e5be20d2b0ebdaa554baa2c6d189a7ac03e9d80c6d6fc7cbdee992e85880abb0a5a522d3ff341c60e1861fb4", 0xe7}], 0x1, r8) setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000280)=0x2, 0x4) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000640)) sendto$inet(0xffffffffffffffff, 0x0, 0x3aa, 0x4000000, 0x0, 0xfea3) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000100)="f500", 0x10) 13:07:35 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740), 0x0, 0x0) [ 253.124432][T10991] FAULT_INJECTION: forcing a failure. [ 253.124432][T10991] name failslab, interval 1, probability 0, space 0, times 0 [ 253.165107][T10978] openvswitch: netlink: EtherType 0 is less than min 600 [ 253.207369][T10991] CPU: 1 PID: 10991 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 253.215395][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.225549][T10991] Call Trace: [ 253.228852][T10991] dump_stack+0x172/0x1f0 [ 253.233209][T10991] should_fail.cold+0xa/0x15 [ 253.237841][T10991] ? fault_create_debugfs_attr+0x180/0x180 [ 253.243661][T10991] ? ___might_sleep+0x163/0x2c0 [ 253.248526][T10991] __should_failslab+0x121/0x190 [ 253.253483][T10991] should_failslab+0x9/0x14 [ 253.257994][T10991] kmem_cache_alloc+0x2aa/0x710 [ 253.262848][T10991] ? current_time+0x6b/0x110 [ 253.267560][T10991] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 253.273367][T10991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.279617][T10991] ? timestamp_truncate+0x20f/0x2f0 [ 253.284820][T10991] __d_alloc+0x2e/0x8c0 [ 253.288984][T10991] d_alloc_pseudo+0x1e/0x70 [ 253.293579][T10991] alloc_file_pseudo+0xe2/0x280 [ 253.298437][T10991] ? alloc_file+0x4d0/0x4d0 [ 253.303022][T10991] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 253.309386][T10991] __shmem_file_setup.part.0+0x108/0x2b0 [ 253.315067][T10991] shmem_file_setup+0x66/0x90 [ 253.319761][T10991] __x64_sys_memfd_create+0x2a2/0x470 [ 253.325169][T10991] ? memfd_fcntl+0x18c0/0x18c0 [ 253.330119][T10991] ? do_syscall_64+0x26/0x760 [ 253.334854][T10991] ? lockdep_hardirqs_on+0x421/0x5e0 [ 253.340244][T10991] ? trace_hardirqs_on+0x67/0x240 [ 253.345280][T10991] do_syscall_64+0xfa/0x760 [ 253.349821][T10991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 253.352378][T10999] FAULT_INJECTION: forcing a failure. [ 253.352378][T10999] name failslab, interval 1, probability 0, space 0, times 0 [ 253.355748][T10991] RIP: 0033:0x459f39 [ 253.355764][T10991] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 253.355772][T10991] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 13:07:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) 13:07:36 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740), 0x0, 0x0) 13:07:36 executing program 4: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x80000000, 0x0, 0x2}, 0x1c) r1 = socket(0x1e, 0x805, 0x0) r2 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x81000000}, 0x1c) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0x1c) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") sendmsg(r0, &(0x7f0000000140)={&(0x7f00004f5000)=@generic={0x10000000001e, "0200000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="94c4f149022a0000091000010600000047c87e5fd62785532a37f4a3e6d85aa9d82010c5e88fed7d820000000800000000008d8468bfe4efcba67f88ba37fe83d2f1d32123049c3099cdd33ee5135bab831e2dee7992f5b829aceec227de48889e2f4609b2ad1cf8affdb0073c448dfcf9124ab4619c31c1ee8742b7d28402980598930960b2c15738c21cda76ab19ba417086d05c39d9607e2f7df5350e16", @ANYRES32=0x0, @ANYBLOB="67fe77af00000000240012000c00010069703667726500001400020008000e0002000000080004000700000034001900140005008e6c793985539a18e92083fdf1c71d5a140004005ddcb9337ee911b300fb6f7178266b4c080006001f0000000c00020034710d84f6f90000080023000100008008000a00", @ANYRES32=r6], 0x94}}, 0x0) [ 253.355786][T10991] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 253.355794][T10991] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 [ 253.355802][T10991] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 253.355809][T10991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 253.355823][T10991] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 253.475289][T10995] debugfs: File 'dropped' in directory 'loop0' already present! [ 253.496607][T10995] debugfs: File 'msg' in directory 'loop0' already present! [ 253.514054][T10995] debugfs: File 'trace0' in directory 'loop0' already present! [ 253.527007][T10999] CPU: 1 PID: 10999 Comm: syz-executor.5 Not tainted 5.4.0-rc4+ #0 [ 253.535055][T11006] selinux_nlmsg_perm: 20 callbacks suppressed [ 253.535071][T11006] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10754 sclass=netlink_route_socket pig=11006 comm=syz-executor.4 [ 253.535476][T10999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.564793][T10999] Call Trace: [ 253.568101][T10999] dump_stack+0x172/0x1f0 [ 253.572452][T10999] should_fail.cold+0xa/0x15 [ 253.577063][T10999] ? fault_create_debugfs_attr+0x180/0x180 [ 253.582883][T10999] ? ___might_sleep+0x163/0x2c0 [ 253.587968][T10999] __should_failslab+0x121/0x190 [ 253.593018][T10999] should_failslab+0x9/0x14 [ 253.593031][T10999] __kmalloc+0x2e0/0x770 [ 253.593048][T10999] ? __might_fault+0x12b/0x1e0 [ 253.593071][T10999] ? find_held_lock+0x35/0x130 [ 253.593085][T10999] ? snd_ctl_new+0x5c/0x1b0 [ 253.593107][T10999] snd_ctl_new+0x5c/0x1b0 [ 253.620169][T10999] snd_ctl_elem_add+0x544/0x13e0 [ 253.625134][T10999] ? snd_ctl_new1+0x6a0/0x6a0 [ 253.629835][T10999] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 253.636079][T10999] ? _copy_from_user+0x12c/0x1a0 [ 253.641133][T10999] snd_ctl_elem_add_user+0xc6/0x180 [ 253.646425][T10999] ? snd_ctl_elem_add_compat+0x3f0/0x3f0 [ 253.646444][T10999] ? tomoyo_path_number_perm+0x214/0x520 [ 253.646488][T10999] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 253.646499][T10999] ? tomoyo_path_number_perm+0x263/0x520 [ 253.646518][T10999] snd_ctl_ioctl+0x937/0xf50 [ 253.646533][T10999] ? snd_ctl_elem_add_user+0x180/0x180 [ 253.646551][T10999] ? ___might_sleep+0x163/0x2c0 [ 253.646571][T10999] ? snd_ctl_elem_add_user+0x180/0x180 [ 253.646586][T10999] do_vfs_ioctl+0xdb6/0x13e0 [ 253.646601][T10999] ? ioctl_preallocate+0x210/0x210 [ 253.646613][T10999] ? selinux_file_mprotect+0x620/0x620 [ 253.646623][T10999] ? __fget+0x384/0x560 [ 253.646641][T10999] ? ksys_dup3+0x3e0/0x3e0 [ 253.646656][T10999] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 253.646670][T10999] ? fput_many+0x12c/0x1a0 [ 253.646689][T10999] ? tomoyo_file_ioctl+0x23/0x30 [ 253.669785][T10999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.669804][T10999] ? security_file_ioctl+0x8d/0xc0 [ 253.669822][T10999] ksys_ioctl+0xab/0xd0 [ 253.669839][T10999] __x64_sys_ioctl+0x73/0xb0 [ 253.669858][T10999] do_syscall_64+0xfa/0x760 [ 253.669876][T10999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 253.669888][T10999] RIP: 0033:0x459f39 [ 253.669902][T10999] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 253.669910][T10999] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 253.669923][T10999] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 [ 253.669932][T10999] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 253.669941][T10999] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 253.669948][T10999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 13:07:36 executing program 1 (fault-call:0 fault-nth:4): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:36 executing program 0: openat$vsock(0xffffffffffffff9c, 0x0, 0x400400, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2c0, 0x100}, 0x2a901}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = dup(r0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000240)=0x0) getpgrp(r2) r3 = getpgid(r2) syz_open_procfs(r3, &(0x7f0000000500)='projid_map\x00') r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f0000000480), 0x100000000000014a, 0xf0ffff) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000040)=0x8) r5 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r6) fsetxattr$security_capability(r5, &(0x7f0000000040)='security.capability\x00', &(0x7f0000000300)=@v3={0x3000000, [], r6}, 0x15, 0x1) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000280)=""/90, &(0x7f0000000080)=""/40, &(0x7f0000000140)=""/14, 0x10000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='mem\x00\x00\x00\x00\x00\x00\a\x13ga\x1e\xd9\x11\xf4\xa5ZP\v\xe9`\x12Q+xMt\xf9i\xbdp\x9f?\x8e\vo\xbb+r\xdc\xdf8\xde\xd4?\x83?\xb2v\xb6\x97\xdd\x94\xfb\xc0Q\xcc\xe3>\x92~\x10r\xd9\xaeD\x00\xec\xccV\xcd_\xa3]Y\x8f+\xc2\x9eM\x0f\aR\xa3\xce\xdbWP/\xac+\xb95\xda*\xd25s \xc6\xdc\x10\xaa\xd9E\xe2cS\xbf\adb\x16\xad\xbd\xee\xff\xfa0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 253.669962][T10999] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 13:07:36 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{0x0, 0x0, 0x0}], 0x1, 0x0) [ 253.931299][T11022] FAULT_INJECTION: forcing a failure. [ 253.931299][T11022] name failslab, interval 1, probability 0, space 0, times 0 [ 253.961360][T11024] FAULT_INJECTION: forcing a failure. [ 253.961360][T11024] name failslab, interval 1, probability 0, space 0, times 0 [ 254.012679][T11024] CPU: 1 PID: 11024 Comm: syz-executor.5 Not tainted 5.4.0-rc4+ #0 [ 254.020790][T11024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.030860][T11024] Call Trace: [ 254.034169][T11024] dump_stack+0x172/0x1f0 [ 254.038526][T11024] should_fail.cold+0xa/0x15 [ 254.043231][T11024] ? fault_create_debugfs_attr+0x180/0x180 [ 254.049083][T11024] ? ___might_sleep+0x163/0x2c0 [ 254.053969][T11024] __should_failslab+0x121/0x190 [ 254.058904][T11024] should_failslab+0x9/0x14 [ 254.063409][T11024] __kmalloc+0x2e0/0x770 [ 254.067697][T11024] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 254.073520][T11024] ? snd_ctl_new+0x152/0x1b0 [ 254.078197][T11024] ? snd_ctl_elem_add+0x58f/0x13e0 [ 254.083309][T11024] snd_ctl_elem_add+0x58f/0x13e0 [ 254.088377][T11024] ? snd_ctl_new1+0x6a0/0x6a0 [ 254.093237][T11024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.100688][T11024] ? _copy_from_user+0x12c/0x1a0 [ 254.105628][T11024] snd_ctl_elem_add_user+0xc6/0x180 [ 254.110912][T11024] ? snd_ctl_elem_add_compat+0x3f0/0x3f0 [ 254.116648][T11024] ? tomoyo_path_number_perm+0x214/0x520 [ 254.122314][T11024] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 254.128546][T11024] ? tomoyo_path_number_perm+0x263/0x520 [ 254.134277][T11024] snd_ctl_ioctl+0x937/0xf50 [ 254.138953][T11024] ? snd_ctl_elem_add_user+0x180/0x180 [ 254.144498][T11024] ? ___might_sleep+0x163/0x2c0 [ 254.149475][T11024] ? snd_ctl_elem_add_user+0x180/0x180 [ 254.155038][T11024] do_vfs_ioctl+0xdb6/0x13e0 [ 254.159629][T11024] ? ioctl_preallocate+0x210/0x210 [ 254.164780][T11024] ? selinux_file_mprotect+0x620/0x620 [ 254.170241][T11024] ? __fget+0x384/0x560 [ 254.170262][T11024] ? ksys_dup3+0x3e0/0x3e0 [ 254.170279][T11024] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 254.170293][T11024] ? fput_many+0x12c/0x1a0 [ 254.170312][T11024] ? tomoyo_file_ioctl+0x23/0x30 [ 254.194437][T11024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.200704][T11024] ? security_file_ioctl+0x8d/0xc0 [ 254.205836][T11024] ksys_ioctl+0xab/0xd0 13:07:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) [ 254.210009][T11024] __x64_sys_ioctl+0x73/0xb0 [ 254.210027][T11024] do_syscall_64+0xfa/0x760 [ 254.210049][T11024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.219298][T11024] RIP: 0033:0x459f39 [ 254.219315][T11024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.219323][T11024] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.229123][T11024] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 [ 254.265458][T11024] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 254.273625][T11024] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 254.281697][T11024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 [ 254.289774][T11024] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 [ 254.297778][T11022] CPU: 0 PID: 11022 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 254.305687][T11022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.316014][T11022] Call Trace: [ 254.319323][T11022] dump_stack+0x172/0x1f0 [ 254.323850][T11022] should_fail.cold+0xa/0x15 [ 254.328597][T11022] ? fault_create_debugfs_attr+0x180/0x180 [ 254.334823][T11022] ? ___might_sleep+0x163/0x2c0 [ 254.339698][T11022] __should_failslab+0x121/0x190 [ 254.344661][T11022] should_failslab+0x9/0x14 [ 254.349183][T11022] kmem_cache_alloc+0x2aa/0x710 [ 254.354329][T11022] ? rwlock_bug.part.0+0x90/0x90 [ 254.359298][T11022] ? lock_downgrade+0x920/0x920 [ 254.364295][T11022] __alloc_file+0x27/0x340 [ 254.368716][T11022] alloc_empty_file+0x72/0x170 [ 254.368734][T11022] alloc_file+0x5e/0x4d0 [ 254.368753][T11022] alloc_file_pseudo+0x189/0x280 [ 254.368768][T11022] ? alloc_file+0x4d0/0x4d0 [ 254.368787][T11022] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 254.368808][T11022] __shmem_file_setup.part.0+0x108/0x2b0 [ 254.368826][T11022] shmem_file_setup+0x66/0x90 [ 254.378876][T11022] __x64_sys_memfd_create+0x2a2/0x470 13:07:37 executing program 5 (fault-call:3 fault-nth:5): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 13:07:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000040)={0x9, 0x20000000001, "eb"}, 0x2a3e0) [ 254.378894][T11022] ? memfd_fcntl+0x18c0/0x18c0 [ 254.388498][T11022] ? do_syscall_64+0x26/0x760 [ 254.388517][T11022] ? lockdep_hardirqs_on+0x421/0x5e0 [ 254.388534][T11022] ? trace_hardirqs_on+0x67/0x240 [ 254.388551][T11022] do_syscall_64+0xfa/0x760 [ 254.388571][T11022] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.388586][T11022] RIP: 0033:0x459f39 [ 254.388604][T11022] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.400964][T11022] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 254.400979][T11022] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 254.400987][T11022] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 [ 254.400996][T11022] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 254.401004][T11022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 254.401017][T11022] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:37 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{0x0, 0x0, 0x0}], 0x1, 0x0) 13:07:37 executing program 0: openat$vsock(0xffffffffffffff9c, 0x0, 0x400400, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2c0, 0x100}, 0x2a901}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = dup(r0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000240)=0x0) getpgrp(r2) r3 = getpgid(r2) syz_open_procfs(r3, &(0x7f0000000500)='projid_map\x00') r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f0000000480), 0x100000000000014a, 0xf0ffff) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000040)=0x8) r5 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r6) fsetxattr$security_capability(r5, &(0x7f0000000040)='security.capability\x00', &(0x7f0000000300)=@v3={0x3000000, [], r6}, 0x15, 0x1) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000280)=""/90, &(0x7f0000000080)=""/40, &(0x7f0000000140)=""/14, 0x10000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='mem\x00\x00\x00\x00\x00\x00\a\x13ga\x1e\xd9\x11\xf4\xa5ZP\v\xe9`\x12Q+xMt\xf9i\xbdp\x9f?\x8e\vo\xbb+r\xdc\xdf8\xde\xd4?\x83?\xb2v\xb6\x97\xdd\x94\xfb\xc0Q\xcc\xe3>\x92~\x10r\xd9\xaeD\x00\xec\xccV\xcd_\xa3]Y\x8f+\xc2\x9eM\x0f\aR\xa3\xce\xdbWP/\xac+\xb95\xda*\xd25s \xc6\xdc\x10\xaa\xd9E\xe2cS\xbf\adb\x16\xad\xbd\xee\xff\xfa 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.799740][T11034] RSP: 002b:00007f56c9739c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.808265][T11034] RAX: ffffffffffffffda RBX: 00007f56c9739c90 RCX: 0000000000459f39 [ 254.816251][T11034] RDX: 0000000020001000 RSI: 00000000c1105517 RDI: 0000000000000003 [ 254.824240][T11034] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 254.832220][T11034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56c973a6d4 [ 254.840448][T11034] R13: 00000000004ce638 R14: 00000000004d89d8 R15: 0000000000000004 [ 254.848463][T11034] snd_dummy snd_dummy.0: No memory available to allocate event 13:07:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) 13:07:37 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000000c0)=""/255, 0xff}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/239, 0xef}, {&(0x7f0000001500)=""/187, 0xbb}, {&(0x7f00000015c0)=""/143, 0x8f}], 0x5}, 0xffffffff}], 0x1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0xfffffd15, 0x8be881f18ac53802) r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptmx\x00', 0x0, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) dup2(r0, r1) writev(r1, &(0x7f00000023c0), 0x1000000000000252) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@mcast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@local}}, &(0x7f00000001c0)=0xe8) setsockopt$inet6_mreq(r0, 0x29, 0xd, &(0x7f0000000200)={@mcast1, r4}, 0x14) 13:07:37 executing program 3 (fault-call:4 fault-nth:0): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 255.004266][T11052] FAULT_INJECTION: forcing a failure. [ 255.004266][T11052] name failslab, interval 1, probability 0, space 0, times 0 [ 255.076722][T11052] CPU: 1 PID: 11052 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 255.084932][T11052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.095013][T11052] Call Trace: [ 255.098459][T11052] dump_stack+0x172/0x1f0 [ 255.102997][T11052] should_fail.cold+0xa/0x15 [ 255.107743][T11052] ? fault_create_debugfs_attr+0x180/0x180 [ 255.113598][T11052] ? ___might_sleep+0x163/0x2c0 [ 255.118572][T11052] __should_failslab+0x121/0x190 [ 255.123761][T11052] should_failslab+0x9/0x14 [ 255.128381][T11052] kmem_cache_alloc+0x2aa/0x710 [ 255.133732][T11052] ? kmem_cache_alloc+0x364/0x710 [ 255.138791][T11052] security_file_alloc+0x39/0x170 [ 255.144012][T11052] __alloc_file+0xde/0x340 [ 255.148452][T11052] alloc_empty_file+0x72/0x170 [ 255.153393][T11052] alloc_file+0x5e/0x4d0 [ 255.157703][T11052] alloc_file_pseudo+0x189/0x280 [ 255.162899][T11052] ? alloc_file+0x4d0/0x4d0 [ 255.167518][T11052] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 255.173916][T11052] __shmem_file_setup.part.0+0x108/0x2b0 [ 255.179580][T11052] shmem_file_setup+0x66/0x90 [ 255.184289][T11052] __x64_sys_memfd_create+0x2a2/0x470 [ 255.189773][T11052] ? memfd_fcntl+0x18c0/0x18c0 [ 255.194633][T11052] ? do_syscall_64+0x26/0x760 [ 255.199338][T11052] ? lockdep_hardirqs_on+0x421/0x5e0 [ 255.205001][T11052] ? trace_hardirqs_on+0x67/0x240 [ 255.210070][T11052] do_syscall_64+0xfa/0x760 [ 255.214695][T11052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.220609][T11052] RIP: 0033:0x459f39 13:07:38 executing program 5 (fault-call:3 fault-nth:6): r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 255.224523][T11052] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.244462][T11052] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 255.252916][T11052] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f39 [ 255.261088][T11052] RDX: 0000000020000168 RSI: 0000000000000000 RDI: 00000000004befd7 [ 255.269164][T11052] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 255.277160][T11052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f16b9b6d4 [ 255.285429][T11052] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 [ 255.316194][T11065] FAULT_INJECTION: forcing a failure. [ 255.316194][T11065] name failslab, interval 1, probability 0, space 0, times 0 [ 255.354938][T11065] CPU: 1 PID: 11065 Comm: syz-executor.3 Not tainted 5.4.0-rc4+ #0 [ 255.363524][T11065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.373904][T11065] Call Trace: [ 255.377321][T11065] dump_stack+0x172/0x1f0 [ 255.382900][T11065] should_fail.cold+0xa/0x15 [ 255.387827][T11065] ? fault_create_debugfs_attr+0x180/0x180 [ 255.393935][T11065] ? ___might_sleep+0x163/0x2c0 [ 255.398835][T11065] __should_failslab+0x121/0x190 [ 255.403889][T11065] should_failslab+0x9/0x14 [ 255.408681][T11065] kmem_cache_alloc_node+0x268/0x740 [ 255.414094][T11065] ? __kasan_check_read+0x11/0x20 [ 255.419412][T11065] __alloc_skb+0xd5/0x5e0 [ 255.423904][T11065] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 255.430115][T11065] ? __kasan_check_read+0x11/0x20 [ 255.435236][T11065] ? mark_lock+0xc2/0x1220 [ 255.439869][T11065] alloc_skb_with_frags+0x93/0x590 [ 255.445204][T11065] ? __kasan_check_read+0x11/0x20 [ 255.450363][T11065] ? mark_lock+0xc2/0x1220 13:07:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) move_pages(0x0, 0x5, &(0x7f0000000000)=[&(0x7f0000001000/0x4000)=nil, &(0x7f000000d000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil], 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$X25_QBITINCL(r6, 0x106, 0x1, &(0x7f0000000040), 0x4) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 13:07:38 executing program 1 (fault-call:0 fault-nth:6): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) [ 255.454889][T11065] ? lock_downgrade+0x920/0x920 [ 255.459951][T11065] sock_alloc_send_pskb+0x7ad/0x920 [ 255.465276][T11065] ? __might_fault+0x12b/0x1e0 [ 255.470245][T11065] ? proto_register+0x990/0x990 [ 255.475210][T11065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 255.481737][T11065] ? iov_iter_advance+0x295/0xf70 [ 255.487415][T11065] sock_alloc_send_skb+0x32/0x40 [ 255.492518][T11065] nfc_alloc_send_skb+0xa9/0x1b0 [ 255.498444][T11065] ? nfc_llcp_send_ui_frame+0xcf/0x470 [ 255.503940][T11065] nfc_llcp_send_ui_frame+0x276/0x470 [ 255.510405][T11065] ? __local_bh_enable_ip+0x15a/0x270 [ 255.516246][T11065] ? nfc_llcp_send_i_frame+0x430/0x430 [ 255.521739][T11065] ? __local_bh_enable_ip+0x15a/0x270 [ 255.527932][T11065] ? _raw_spin_unlock_bh+0x31/0x40 [ 255.533100][T11065] llcp_sock_sendmsg+0x275/0x360 [ 255.538070][T11065] ? llcp_sock_recvmsg+0xaf0/0xaf0 [ 255.543513][T11065] sock_sendmsg+0xd7/0x130 [ 255.547970][T11065] ___sys_sendmsg+0x3e2/0x920 [ 255.552766][T11065] ? copy_msghdr_from_user+0x440/0x440 [ 255.558273][T11065] ? lock_downgrade+0x920/0x920 [ 255.563407][T11065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 255.569852][T11065] ? __kasan_check_read+0x11/0x20 [ 255.574921][T11065] ? __fget+0x384/0x560 [ 255.579636][T11065] ? find_held_lock+0x35/0x130 [ 255.584726][T11065] ? get_pid_task+0xc9/0x190 [ 255.589507][T11065] ? __fget_light+0x1a9/0x230 [ 255.594702][T11065] ? __fdget+0x1b/0x20 [ 255.598958][T11065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 255.605474][T11065] ? sockfd_lookup_light+0xcb/0x180 [ 255.611117][T11065] __sys_sendmmsg+0x1bf/0x4d0 [ 255.615983][T11065] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 255.621371][T11065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 255.627845][T11065] ? fput_many+0x12c/0x1a0 [ 255.632717][T11065] ? fput+0x1b/0x20 [ 255.636590][T11065] ? ksys_write+0x1cf/0x290 [ 255.641381][T11065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 255.647107][T11065] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 255.652842][T11065] ? do_syscall_64+0x26/0x760 [ 255.657818][T11065] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.663887][T11065] ? do_syscall_64+0x26/0x760 [ 255.668569][T11065] __x64_sys_sendmmsg+0x9d/0x100 [ 255.674088][T11065] do_syscall_64+0xfa/0x760 [ 255.678766][T11065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.684950][T11065] RIP: 0033:0x459f39 [ 255.689101][T11065] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.709827][T11065] RSP: 002b:00007fb2427ffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 255.718588][T11065] RAX: ffffffffffffffda RBX: 00007fb2427ffc90 RCX: 0000000000459f39 [ 255.727212][T11065] RDX: 0000000000000001 RSI: 0000000020000740 RDI: 0000000000000004 [ 255.735359][T11065] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 255.743824][T11065] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb2428006d4 13:07:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10) close(r1) [ 255.752104][T11065] R13: 00000000004c7bb6 R14: 00000000004ddb20 R15: 0000000000000005 13:07:38 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000040)=""/123, 0x7b) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, 0x0, &(0x7f0000000140)) r4 = socket$can_raw(0x1d, 0x3, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r6, r1, &(0x7f0000901000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f0000000480)="c4e271adba00800000440f20c0350b000000440f22c00f01cb48b8ae2c0000000000000f23d80f21f835c00000900f23f866ba610066b8081c66efc4412b11c3b8010000000f01c1f2afc4a3497aedb8b9800000c00f3235001000000f30", 0x5e}], 0x1, 0x2, &(0x7f0000000540)=[@flags={0x3, 0x10}], 0x1) r7 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0x3, 0x2) ioctl(r7, 0x1000008912, &(0x7f00000003c0)) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000740)={'vcan0\x00', 0x0}) bind$can_raw(r4, &(0x7f0000000040)={0x1d, r8}, 0x10) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) socket$pppoe(0x18, 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r10, 0xc0a85320, &(0x7f00000002c0)={{0xf0, 0x1}, 'port0\x00', 0xd, 0xac1523e12658bd75, 0x10001, 0xff, 0x8, 0x1, 0x2, 0x0, 0x2, 0x17f0}) r11 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt(r11, 0x65, 0x1, &(0x7f0000000080), 0x0) r12 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r13 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x0, 0x2) getsockopt$inet_IP_XFRM_POLICY(r13, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@empty, @in6=@loopback}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000000)=0xfffffffffffffdb2) dup3(r0, r4, 0x80000) r14 = socket$inet6(0xa, 0x2, 0x5) ioctl$FIGETBSZ(r14, 0x2, &(0x7f0000000180)) perf_event_open$cgroup(0x0, r3, 0x6, r12, 0x0) [ 255.826397][T11074] FAULT_INJECTION: forcing a failure. [ 255.826397][T11074] name failslab, interval 1, probability 0, space 0, times 0 [ 255.908838][T11074] CPU: 0 PID: 11074 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 255.916972][T11074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.927614][T11074] Call Trace: [ 255.931383][T11074] dump_stack+0x172/0x1f0 [ 255.935748][T11074] should_fail.cold+0xa/0x15 [ 255.937951][T11065] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-105) [ 255.940580][T11074] ? fault_create_debugfs_attr+0x180/0x180 [ 255.954951][T11074] ? ___might_sleep+0x163/0x2c0 [ 255.959825][T11074] __should_failslab+0x121/0x190 [ 255.965356][T11074] should_failslab+0x9/0x14 [ 255.969880][T11074] __kmalloc+0x2e0/0x770 [ 255.974142][T11074] ? mark_held_locks+0xf0/0xf0 [ 255.978913][T11074] ? stack_trace_save+0xac/0xe0 [ 255.984158][T11074] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 255.990053][T11074] tomoyo_realpath_from_path+0xcd/0x7b0 [ 255.995949][T11074] ? tomoyo_path_perm+0x1cb/0x430 [ 256.000976][T11074] tomoyo_path_perm+0x230/0x430 [ 256.005826][T11074] ? tomoyo_path_perm+0x1cb/0x430 [ 256.010846][T11074] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 256.017008][T11074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.023519][T11074] ? rcu_read_lock_any_held+0xcd/0xf0 [ 256.028950][T11074] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 256.034411][T11074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.041041][T11074] tomoyo_path_truncate+0x1d/0x30 [ 256.046516][T11074] security_path_truncate+0xf2/0x150 [ 256.051973][T11074] do_sys_ftruncate+0x3d9/0x550 [ 256.056936][T11074] __x64_sys_ftruncate+0x59/0x80 [ 256.062656][T11074] do_syscall_64+0xfa/0x760 [ 256.067680][T11074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.073960][T11074] RIP: 0033:0x459f07 [ 256.077943][T11074] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.098163][T11074] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d 13:07:38 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:38 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 256.108055][T11074] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f07 [ 256.116825][T11074] RDX: 0000000020000168 RSI: 0000000008100000 RDI: 0000000000000004 [ 256.126066][T11074] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 256.134270][T11074] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000004 [ 256.142882][T11074] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) 13:07:39 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 256.361272][T11074] ERROR: Out of memory at tomoyo_realpath_from_path. 13:07:39 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x2, &(0x7f0000001000)) 13:07:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) [ 256.461534][T11074] FAT-fs (loop1): bogus logical sector size 537 [ 256.501271][T11074] FAT-fs (loop1): Can't find a valid FAT filesystem 13:07:39 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000180)=""/13, &(0x7f0000000200)=0xd) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r0, 0x800443d2, &(0x7f0000000080)={0x5, &(0x7f0000000000)=[{}, {}, {}, {}, {}]}) ioctl$NBD_DO_IT(r1, 0xab03) setxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1) 13:07:39 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 256.829426][T11118] block nbd0: Receive control failed (result -22) [ 256.840359][T11118] block nbd0: shutting down sockets [ 256.857041][T11118] [ 256.859422][T11118] ============================================ [ 256.865794][T11118] WARNING: possible recursive locking detected [ 256.872436][T11118] 5.4.0-rc4+ #0 Not tainted [ 256.877028][T11118] -------------------------------------------- [ 256.885332][T11118] kworker/u5:1/11118 is trying to acquire lock: [ 256.895391][T11118] ffff888084971928 ((wq_completion)knbd0-recv){+.+.}, at: flush_workqueue+0xf7/0x14c0 [ 256.905371][T11118] [ 256.905371][T11118] but task is already holding lock: [ 256.912741][T11118] ffff888084971928 ((wq_completion)knbd0-recv){+.+.}, at: process_one_work+0x88b/0x1740 [ 256.922979][T11118] [ 256.922979][T11118] other info that might help us debug this: [ 256.931224][T11118] Possible unsafe locking scenario: [ 256.931224][T11118] [ 256.938764][T11118] CPU0 [ 256.941670][T11072] kvm: emulating exchange as write [ 256.942180][T11118] ---- [ 256.942182][T11118] lock((wq_completion)knbd0-recv); [ 256.942190][T11118] lock((wq_completion)knbd0-recv); [ 256.942196][T11118] [ 256.942196][T11118] *** DEADLOCK *** [ 256.942196][T11118] [ 256.942199][T11118] May be due to missing lock nesting notation [ 256.942199][T11118] [ 256.942206][T11118] 3 locks held by kworker/u5:1/11118: [ 256.942217][T11118] #0: ffff888084971928 ((wq_completion)knbd0-recv){+.+.}, at: process_one_work+0x88b/0x1740 [ 256.997506][T11118] #1: ffff88805d7a7dc0 ((work_completion)(&args->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 257.008453][T11118] #2: ffff888218d02d78 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock+0x56/0x90 [ 257.019085][T11118] [ 257.019085][T11118] stack backtrace: [ 257.025158][T11118] CPU: 0 PID: 11118 Comm: kworker/u5:1 Not tainted 5.4.0-rc4+ #0 [ 257.033069][T11118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.043653][T11118] Workqueue: knbd0-recv recv_work [ 257.048683][T11118] Call Trace: [ 257.052210][T11118] dump_stack+0x172/0x1f0 [ 257.056559][T11118] __lock_acquire.cold+0x15d/0x385 [ 257.061709][T11118] ? mark_held_locks+0xf0/0xf0 [ 257.066691][T11118] lock_acquire+0x190/0x410 [ 257.071320][T11118] ? flush_workqueue+0xf7/0x14c0 [ 257.076487][T11118] flush_workqueue+0x126/0x14c0 [ 257.081782][T11118] ? flush_workqueue+0xf7/0x14c0 [ 257.086940][T11118] ? lock_downgrade+0x920/0x920 [ 257.092070][T11118] ? drain_workqueue+0x2b/0x470 [ 257.097325][T11118] ? debug_check_no_obj_freed+0x20a/0x43f [ 257.099180][T11122] kobject: 'kvm' (0000000001cc25ad): kobject_uevent_env [ 257.103265][T11118] ? find_held_lock+0x35/0x130 [ 257.103279][T11118] ? pwq_unbound_release_workfn+0x2f0/0x2f0 [ 257.103297][T11118] ? mark_lock+0xc2/0x1220 [ 257.122864][T11122] kobject: 'kvm' (0000000001cc25ad): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 257.126108][T11118] drain_workqueue+0x1b4/0x470 [ 257.126121][T11118] ? drain_workqueue+0x1b4/0x470 [ 257.126138][T11118] ? kfree+0x226/0x2c0 [ 257.143390][T11072] kobject: 'kvm' (0000000001cc25ad): kobject_uevent_env [ 257.146928][T11118] destroy_workqueue+0x21/0x700 [ 257.146941][T11118] ? nbd_config_put+0x378/0x870 [ 257.146951][T11118] nbd_config_put+0x3dd/0x870 [ 257.146967][T11118] recv_work+0x19b/0x200 [ 257.151219][T11072] kobject: 'kvm' (0000000001cc25ad): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 257.157947][T11118] process_one_work+0x9af/0x1740 [ 257.157962][T11118] ? pwq_dec_nr_in_flight+0x320/0x320 [ 257.157973][T11118] ? lock_acquire+0x190/0x410 [ 257.157991][T11118] worker_thread+0x98/0xe40 [ 257.210550][T11118] ? trace_hardirqs_on+0x67/0x240 [ 257.215657][T11118] kthread+0x361/0x430 [ 257.220188][T11118] ? process_one_work+0x1740/0x1740 [ 257.225399][T11118] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 257.231203][T11118] ret_from_fork+0x24/0x30 13:07:40 executing program 1 (fault-call:0 fault-nth:7): syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xfffff573, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="e93c906d6b66732e66613419020401ed01000270fff8", 0x16}], 0x0, 0x0) 13:07:40 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x10, &(0x7f0000001000)) 13:07:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) bind$can_raw(r1, &(0x7f0000000040), 0x10) close(r1) 13:07:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) move_pages(0x0, 0x5, &(0x7f0000000000)=[&(0x7f0000001000/0x4000)=nil, &(0x7f000000d000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil], 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$X25_QBITINCL(r6, 0x106, 0x1, &(0x7f0000000040), 0x4) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 13:07:40 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) [ 257.274363][T11072] kobject: 'kvm' (0000000001cc25ad): kobject_uevent_env [ 257.282642][T11072] kobject: 'kvm' (0000000001cc25ad): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 257.330730][T11128] FAULT_INJECTION: forcing a failure. [ 257.330730][T11128] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 257.338794][ T3900] kobject: 'loop4' (00000000e5cbb7bb): kobject_uevent_env [ 257.346077][T11128] CPU: 1 PID: 11128 Comm: syz-executor.1 Not tainted 5.4.0-rc4+ #0 [ 257.346085][T11128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.346089][T11128] Call Trace: [ 257.346109][T11128] dump_stack+0x172/0x1f0 [ 257.346128][T11128] should_fail.cold+0xa/0x15 [ 257.346143][T11128] ? fault_create_debugfs_attr+0x180/0x180 [ 257.346165][T11128] ? is_bpf_text_address+0xac/0x170 [ 257.357798][ T3900] kobject: 'loop4' (00000000e5cbb7bb): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 257.362569][T11128] ? __kasan_check_read+0x11/0x20 [ 257.362592][T11128] should_fail_alloc_page+0x50/0x60 [ 257.362605][T11128] __alloc_pages_nodemask+0x1a1/0x900 [ 257.362626][T11128] ? __bpf_address_lookup+0x310/0x310 [ 257.431296][T11128] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 257.437396][T11128] ? __alloc_pages_slowpath+0x2920/0x2920 [ 257.443404][T11128] ? kernel_text_address+0x73/0xf0 [ 257.449000][T11128] ? fault_create_debugfs_attr+0x180/0x180 [ 257.456079][T11128] cache_grow_begin+0x90/0xd20 [ 257.461281][T11128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 257.467665][T11128] __kmalloc+0x6b2/0x770 [ 257.472170][T11128] ? mark_held_locks+0xf0/0xf0 [ 257.477190][T11128] ? stack_trace_save+0xac/0xe0 [ 257.482316][T11128] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 257.488173][T11128] tomoyo_realpath_from_path+0xcd/0x7b0 [ 257.494368][T11128] ? tomoyo_path_perm+0x1cb/0x430 [ 257.499543][T11128] tomoyo_path_perm+0x230/0x430 [ 257.504481][T11128] ? tomoyo_path_perm+0x1cb/0x430 [ 257.509671][T11128] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 257.516560][T11128] ? __fget+0x35d/0x560 [ 257.521015][T11128] ? __kasan_check_read+0x11/0x20 [ 257.526294][T11128] ? __kasan_check_read+0x11/0x20 [ 257.531699][T11128] ? __fget+0xa3/0x560 [ 257.536374][T11128] ? lock_acquire+0x190/0x410 [ 257.541411][T11128] ? do_sys_ftruncate+0x282/0x550 [ 257.548074][T11128] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 257.555091][T11128] tomoyo_path_truncate+0x1d/0x30 [ 257.560435][T11128] security_path_truncate+0xf2/0x150 [ 257.566454][T11128] do_sys_ftruncate+0x3d9/0x550 [ 257.571399][T11128] __x64_sys_ftruncate+0x59/0x80 [ 257.576901][T11128] do_syscall_64+0xfa/0x760 [ 257.581724][T11128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.589178][T11128] RIP: 0033:0x459f07 [ 257.593508][T11128] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 257.617007][T11128] RSP: 002b:00007f7f16b9aa88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 257.626757][T11128] RAX: ffffffffffffffda RBX: 0000000020000140 RCX: 0000000000459f07 [ 257.635512][T11128] RDX: 0000000020000168 RSI: 0000000008100000 RDI: 0000000000000004 [ 257.646556][T11128] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 257.656387][T11128] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000004 [ 257.665501][T11128] R13: 00000000004c968b R14: 00000000004e0e98 R15: 0000000000000003 13:07:40 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x20a) perf_event_open(&(0x7f0000001000)={0xffffffffffffffff, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x4b47, &(0x7f0000001000)) 13:07:40 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x4, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 257.701888][T11128] kobject: 'loop1' (000000007870f471): kobject_uevent_env [ 257.710191][T11128] kobject: 'loop1' (000000007870f471): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 257.748351][T11132] kobject: 'kvm' (0000000001cc25ad): kobject_uevent_env [ 257.762165][ T3900] kobject: 'loop5' (000000002c8a4c71): kobject_uevent_env [ 257.773267][T11128] FAT-fs (loop1): bogus logical sector size 537 [ 257.782447][ T3900] kobject: 'loop5' (000000002c8a4c71): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 257.804362][T11132] kobject: 'kvm' (0000000001cc25ad): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 257.820010][T11128] FAT-fs (loop1): Can't find a valid FAT filesystem [ 257.829504][ T3900] kobject: 'loop3' (0000000002005bd3): kobject_uevent_env 13:07:40 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ac41d1c45d71d3ed2a4182b9a6fdfebbf3550b2209895f348f8fc6716e08d1364ad5526c6e898cbb38c310d32b6a3217fa0cb9e4cafe05699ca246cde7188b"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmmsg$nfc_llcp(r0, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x27, 0x11, 0x0, 0x0, 0x0, 0x0, "4c9d89eda9074aa0e8ab9c3917495b12a3ce35ccc03a6ded09551c3391141af9cb88fb460a7ab7e9aaea75d5b704301266126b756c331aa5704b9965139a71"}, 0x60, 0x0}], 0x1, 0x0) 13:07:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x2000000011, 0x4000000000080002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r3}, 0x10) close(r1) [ 257.844934][ T3900] kobject: 'loop3' (0000000002005bd3): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 257.870104][ T3900] kobject: 'loop2' (0000000009bcdef8): kobject_uevent_env [ 257.886762][T11131] kobject: 'kvm' (0000000001cc25ad): kobject_uevent_env [ 257.888120][ T3900] kobject: 'loop2' (0000000009bcdef8): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 257.909787][T11131] kobject: 'kvm' (0000000001cc25ad): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 257.936121][T11138] kobject: 'loop1' (000000007870f471): kobject_uevent_env [ 257.950042][T11138] kobject: 'loop1' (000000007870f471): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 257.989598][ T3900] kobject: 'loop1' (000000007870f471): kobject_uevent_env [ 258.025161][ T3900] kobject: 'loop1' (000000007870f471): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 258.042098][ T3900] kobject: 'loop4' (00000000e5cbb7bb): kobject_uevent_env [ 258.049840][ T3900] kobject: 'loop4' (00000000e5cbb7bb): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 258.068857][ T3900] kobject: 'loop3' (0000000002005bd3): kobject_uevent_env [ 258.090629][ T3900] kobject: 'loop3' (0000000002005bd3): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 258.111187][ T3900] kobject: 'loop2' (0000000009bcdef8): kobject_uevent_env [ 258.126313][ T3900] kobject: 'loop2' (0000000009bcdef8): fill_kobj_path: path = '/devices/virtual/block/loop2'