[   31.415380] kauditd_printk_skb: 9 callbacks suppressed
[   31.415388] audit: type=1800 audit(1556167979.716:33): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   31.442653] audit: type=1800 audit(1556167979.716:34): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   35.737709] random: sshd: uninitialized urandom read (32 bytes read)
[   35.922516] audit: type=1400 audit(1556167984.226:35): avc:  denied  { map } for  pid=7037 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   35.972687] random: sshd: uninitialized urandom read (32 bytes read)
[   36.662784] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
[   42.491376] random: sshd: uninitialized urandom read (32 bytes read)
2019/04/25 04:53:11 fuzzer started
[   42.687700] audit: type=1400 audit(1556167990.986:36): avc:  denied  { map } for  pid=7046 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   44.649190] random: cc1: uninitialized urandom read (8 bytes read)
2019/04/25 04:53:14 dialing manager at 10.128.0.105:35831
2019/04/25 04:53:14 syscalls: 2434
2019/04/25 04:53:14 code coverage: enabled
2019/04/25 04:53:14 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/04/25 04:53:14 extra coverage: extra coverage is not supported by the kernel
2019/04/25 04:53:14 setuid sandbox: enabled
2019/04/25 04:53:14 namespace sandbox: enabled
2019/04/25 04:53:14 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/25 04:53:14 fault injection: enabled
2019/04/25 04:53:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/25 04:53:14 net packet injection: enabled
2019/04/25 04:53:14 net device setup: enabled
[   46.845351] random: crng init done
04:55:26 executing program 5:
r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
ioctl$TIOCNXCL(r0, 0x540d)
prctl$PR_SET_FPEMU(0xa, 0x1)
ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000040)={0x8001, 0x87})
ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000080))
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x11c, r1, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x69bf65e6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd8a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x54, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffffffff121}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xce}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xda6}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4}, 0x4)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000340)={'filter\x00', 0x0, 0x0, 0x0, [], 0xa, &(0x7f0000000300)=[{}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x118)
r2 = request_key(&(0x7f0000000480)='rxrpc\x00', &(0x7f00000004c0)={'syz', 0x2}, &(0x7f0000000500)='TIPCv2\x00', 0xffffffffffffffff)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000540)=""/161)
getpeername$packet(r0, &(0x7f0000000700)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000740)=0x14)
getresuid(&(0x7f0000000780)=<r4=>0x0, &(0x7f00000007c0), &(0x7f0000000800)=<r5=>0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x11000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000840)=@updsa={0x180, 0x1a, 0x300, 0x70bd2a, 0x25dfdbfb, {{@in=@multicast1, @in=@rand_addr=0x3, 0x4e20, 0x5, 0x4e20, 0xfb87, 0x2, 0x80, 0x20, 0x7f, r3, r4}, {@in=@local, 0x4d4, 0x33}, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, {0x4, 0x1, 0xb3a4, 0x3, 0x3ad8b822, 0x3f, 0x4e2, 0x8}, {0x1000, 0xd62, 0x7ff, 0x10000}, {0x5, 0xffffffffffff7fff, 0x1}, 0x70bd29, 0x0, 0xa, 0x0, 0x4, 0x2}, [@migrate={0x30, 0x11, [{@in6=@mcast1, @in=@multicast1, 0x2b, 0x1, 0x0, 0x0, 0xa, 0xa}]}, @algo_comp={0x58, 0x3, {{'lzs\x00'}, 0x68, "4c378252d74feec8d89e6c86cf"}}, @output_mark={0x8, 0x1d, 0xffffffff}]}, 0x180}, 0x1, 0x0, 0x0, 0x800}, 0x4004)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000a80)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2080}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r6, 0x8, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x4)
keyctl$assume_authority(0x10, r2)
vmsplice(r0, &(0x7f0000000e80)=[{&(0x7f0000000b80)="d726c52bde07a9f03ea61458361e910948245162015939715fa39798cf2f2020a801405aeb002718563e6287329bbf9c6bf40b4001b7daf43d6cd44bd2b44f6a0e17e17b7b9eae287f83ce1d8275d0f3e6edc87c989eab73603d6078d04dea058c744dd01ec2fecbbbb3f2cdd4e5bb064837871d6a076d", 0x77}, {&(0x7f0000000c00)="cfddbeaf5630cb2704e3e39a0e5a2581627ab75cbc93aa5c83090fd269fa83efefd0cc398a9932d50a31c5d8795e88fce9cc49ac51e5ec25c56cf96f58686626f2de872f5e30978d0e849311ab8c8a2f484a454f302ab4729d1e2750918298846f45d8da54807a39c3abfc8cac02bbce63f64f23ef2fe194c93f1d10262f0c02db4e8a5f63c4a39ecd9b7784334fa4acfea879d1f566b0f6cedeb8776c7fb3cb30cf09922385f2291bf4b5280d9ab607e9554c18c90eaa4922a04001b221addb4a954e7f58f6c2219be6e50e9b5c0272c10f799b0d7fe4bcf34a8972761197a0b59ee9eb5e86c840e3acb417d5d78c82bf0a33627de46e3913", 0xf9}, {&(0x7f0000000d00)="d53207c1eeb86245a4cd946c3c613d6a7b2fa9102d0d1a01c00390b0", 0x1c}, {&(0x7f0000000d40)="16c2752e7502defc08ccccec98f434ac2cb5ce8a2f796b91ff5ce5bc088286c75ad6630eb9eddeb09a0b6cc90878e58367a9bf13b105c93f001f03f3ca5f02b2da47b9d8c1b19a21943ef90353de24eedafbc31219d825", 0x57}, {&(0x7f0000000dc0)="333c38c0e2c9176d713fdb237574767f0d75213c09148c33106949ba08ed56747211db703292dd4f3e540cd874787f83dde3910cd6108b63b3ec99c3c0ccde8e48f8221f5b33977650761bffefff0ed878d5d33be506a2873f0566d599e0315f6a6722dc927eb9ac57b0c5d5cb95e612e4a6a9e8d2513362b4b7acf8ebbc7bf4a7aa1aa2e505ed89357b241b8f3a548326e6af94fe715c352c716948205421e10fc1a0ad3e18", 0xa6}], 0x5, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000f00)='/dev/zero\x00', 0x80, 0x0)
ioctl$KDGETKEYCODE(r7, 0x4b4c, &(0x7f0000000f40)={0x1f, 0x7})
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000f80)={0x1, 0x2, 0xff}, 0x8)
sysfs$1(0x1, &(0x7f0000000fc0)='keyringmd5sumposix_acl_accesskeyring\x00')
openat$cgroup_type(r0, &(0x7f0000001000)='cgroup.type\x00', 0x2, 0x0)
r8 = syz_open_dev$sndpcmc(&(0x7f0000001040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x8000)
sendmsg$nl_xfrm(r7, &(0x7f00000012c0)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001280)={&(0x7f00000010c0)=@newpolicy={0x1a0, 0x13, 0x120, 0x70bd2d, 0x25dfdbfd, {{@in=@multicast2, @in=@multicast1, 0x4e23, 0x0, 0x4e20, 0x3, 0x2, 0x20, 0x20, 0xff, 0x0, r5}, {0x800, 0x6, 0x10000000, 0x1000, 0x4, 0x2, 0x3, 0x2}, {0x3c60, 0x3fffffffc00000, 0x81, 0x2}, 0xfffffffffffffffb, 0x0, 0x1, 0x0, 0x0, 0x3}, [@replay_esn_val={0x28, 0x17, {0x3, 0x70bd27, 0x70bd2c, 0x70bd26, 0x70bd2c, 0x8001, [0x6, 0x7ff, 0x4]}}, @algo_auth_trunc={0xb4, 0x14, {{'sha3-224\x00'}, 0x340, 0x0, "3935c1e0b2624d68210ca7e6f0a9c43a99c19b4ad804595f3563e23d193871c4aa15814abb081aac255fae2c6d7ba4bbf1cae18bcd30e090a583ae5b0759072d332573ab1f129d222b074b3b25674157507ad6602212df8bf8429b1f3779b202a2ad8b2ea49e0e22"}}, @policy_type={0xc, 0x10, {0x1}}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4010)
setsockopt$bt_hci_HCI_FILTER(r8, 0x0, 0x2, &(0x7f0000001300)={0x8, 0x3e527f7c, 0x80000000, 0x9}, 0x10)
ioctl$BLKRESETZONE(r7, 0x40101283, &(0x7f0000001340)={0x7fff, 0x9})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000001380)={0x5, 0x8, 0xcf0, 0x5be, 0xfffffffffffffff9})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000013c0))

04:55:26 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/172, 0xac}], 0x1}}], 0x1, 0x0, 0x0)

04:55:26 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000000)="240000002c000900ff03f4f9002104000a04f51108000100020100020800028001000000", 0x24)

04:55:26 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x1)
ioctl$int_in(r0, 0x8000008004500f, 0x0)

04:55:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = getpid()
rt_tgsigqueueinfo(r1, r1, 0x2000000000000013, &(0x7f00000003c0))
ptrace(0x10, r1)
ptrace$getregset(0x18, r1, 0x0, 0x0)

04:55:26 executing program 1:
openat$tun(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = syz_open_dev$vcsn(0x0, 0x0, 0x2)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0)
perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setpriority(0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r1, &(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)='trusted\x00')
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000380)=""/210, &(0x7f0000000180)=0xd2)
keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000200)='trusted\x00', &(0x7f00000002c0)='\xaf\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xdf\xffc\x8a\xb3\x95\xe2\xdc\x1b5%\x9c\xa7\fy\x02\x9b]\x13\x9a\xce\xbeY\xf1\xe4d\xd5\xe3k\xf5A\xe1\x00\x8bE9IO\xba.\xd9\xfd\xa7\x1e\xa6\xe0\xc1\x17\x05\xc4\xb8\x8d\n\x17F\xcd\x83c\x84\x88\x00\xa0\x9a\xe2K\xb0D9\x00\x00\x00\x00\x00\x00\x00\b~\x906!\xfbv\xde\x85Kf\x9b\xee')
prctl$PR_GET_TIMERSLACK(0x1e)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)

[  177.739819] audit: type=1400 audit(1556168126.036:37): avc:  denied  { map } for  pid=7046 comm="syz-fuzzer" path="/root/syzkaller-shm740790985" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  177.787048] audit: type=1400 audit(1556168126.086:38): avc:  denied  { map } for  pid=7063 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13792 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  178.310574] IPVS: ftp: loaded support on port[0] = 21
[  178.607141] IPVS: ftp: loaded support on port[0] = 21
[  178.657002] chnl_net:caif_netlink_parms(): no params data found
[  178.720843] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.727605] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.734912] device bridge_slave_0 entered promiscuous mode
[  178.742972] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.749533] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.757137] device bridge_slave_1 entered promiscuous mode
[  178.780798] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  178.790619] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  178.815434] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  178.823790] team0: Port device team_slave_0 added
[  178.836539] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  178.843795] IPVS: ftp: loaded support on port[0] = 21
[  178.844144] team0: Port device team_slave_1 added
[  178.862014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  178.888420] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  178.982707] device hsr_slave_0 entered promiscuous mode
[  179.020527] device hsr_slave_1 entered promiscuous mode
[  179.070563] chnl_net:caif_netlink_parms(): no params data found
[  179.081095] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  179.096093] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  179.143522] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.150140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.157258] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.163765] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.181874] IPVS: ftp: loaded support on port[0] = 21
[  179.205023] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.211542] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.218553] device bridge_slave_0 entered promiscuous mode
[  179.226040] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.232983] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.240491] device bridge_slave_1 entered promiscuous mode
[  179.316312] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  179.342803] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  179.380998] chnl_net:caif_netlink_parms(): no params data found
[  179.422928] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  179.431139] team0: Port device team_slave_0 added
[  179.437008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  179.446635] team0: Port device team_slave_1 added
[  179.452871] IPVS: ftp: loaded support on port[0] = 21
[  179.465793] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  179.478664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  179.573353] device hsr_slave_0 entered promiscuous mode
[  179.610509] device hsr_slave_1 entered promiscuous mode
[  179.672642] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  179.707215] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.714616] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.724203] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  179.735642] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.742382] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.749425] device bridge_slave_0 entered promiscuous mode
[  179.758988] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.765529] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.772840] device bridge_slave_1 entered promiscuous mode
[  179.794768] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.855898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  179.875353] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  179.894264] chnl_net:caif_netlink_parms(): no params data found
[  179.903900] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  179.913545] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  179.925920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  179.932625] IPVS: ftp: loaded support on port[0] = 21
[  179.943910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  179.953410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.995324] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  180.002900] 8021q: adding VLAN 0 to HW filter on device team0
[  180.023885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  180.031746] team0: Port device team_slave_0 added
[  180.040393] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  180.047615] team0: Port device team_slave_1 added
[  180.073131] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.079617] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.087049] device bridge_slave_0 entered promiscuous mode
[  180.095080] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.101513] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.108706] device bridge_slave_1 entered promiscuous mode
[  180.129324] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  180.137147] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  180.223791] device hsr_slave_0 entered promiscuous mode
[  180.290474] device hsr_slave_1 entered promiscuous mode
[  180.361160] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  180.377209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  180.387159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  180.407619] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  180.431208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  180.440740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  180.448411] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.454945] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.463041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  180.471107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  180.478737] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.485182] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.496044] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  180.508471] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  180.532514] chnl_net:caif_netlink_parms(): no params data found
[  180.565783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  180.573619] team0: Port device team_slave_0 added
[  180.579511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  180.586958] team0: Port device team_slave_1 added
[  180.593294] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  180.601751] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  180.615781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  180.623963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  180.632654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  180.641424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  180.649190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  180.667061] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.680612] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  180.711701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  180.724544] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  180.746345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  180.754948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  180.762662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  180.769581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  180.776770] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  180.822362] device hsr_slave_0 entered promiscuous mode
[  180.860659] device hsr_slave_1 entered promiscuous mode
[  180.901683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  180.908958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  180.918778] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  180.925370] 8021q: adding VLAN 0 to HW filter on device team0
[  180.934229] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.941053] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.948117] device bridge_slave_0 entered promiscuous mode
[  180.956017] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.962491] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.969901] device bridge_slave_1 entered promiscuous mode
[  180.976607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  180.984783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  180.993130] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  181.002155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  181.016989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  181.036419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  181.045443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  181.053288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  181.061578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  181.069232] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.075692] bridge0: port 1(bridge_slave_0) entered forwarding state
[  181.083400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  181.093820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  181.109539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  181.126973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  181.136333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  181.145052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  181.153454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  181.161656] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.168989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  181.192656] 8021q: adding VLAN 0 to HW filter on device bond0
[  181.208957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  181.225439] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  181.262377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  181.277462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  181.289218] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  181.299503] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  181.307100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  181.324006] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  181.331678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  181.341532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  181.351384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  181.374154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  181.382291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  181.393434] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  181.402798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  181.417322] chnl_net:caif_netlink_parms(): no params data found
[  181.426307] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  181.433839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  181.441281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  181.448296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  181.456360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  181.466886] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  181.473736] 8021q: adding VLAN 0 to HW filter on device team0
[  181.483785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  181.494942] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  181.502443] team0: Port device team_slave_0 added
[  181.515528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  181.525054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  181.533474] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  181.541275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  181.550507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  181.559120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  181.570705] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  181.576784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  181.584310] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  181.592581] team0: Port device team_slave_1 added
[  181.607520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  181.615655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  181.623443] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.629823] bridge0: port 1(bridge_slave_0) entered forwarding state
[  181.636909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  181.644513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  181.652395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  181.664678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  181.679920] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.696429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  181.705764] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  181.726933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  181.735348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  181.744600] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.751040] bridge0: port 2(bridge_slave_1) entered forwarding state
[  181.763057] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  181.774021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  181.843900] device hsr_slave_0 entered promiscuous mode
[  181.880517] device hsr_slave_1 entered promiscuous mode
[  181.961083] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  181.968241] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  181.982262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  181.993616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  182.016327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  182.024059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  182.032663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  182.040806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  182.048497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  182.068899] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.076962] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.085439] device bridge_slave_0 entered promiscuous mode
[  182.093317] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.110170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  182.117716] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.124956] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.132202] device bridge_slave_1 entered promiscuous mode
[  182.143234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  182.153298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  182.161990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  182.172561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  182.204995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  182.214193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  182.224628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  182.237552] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  182.257395] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  182.277371] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.287175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  182.295726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  182.307990] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  182.316315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  182.350905] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  182.359193] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  182.368800] team0: Port device team_slave_0 added
[  182.375817] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  182.384346] team0: Port device team_slave_1 added
[  182.392937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  182.409117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  182.422901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  182.426942] audit: type=1400 audit(1556168130.726:39): avc:  denied  { create } for  pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  182.441189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  182.465513] audit: type=1400 audit(1556168130.766:40): avc:  denied  { write } for  pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  182.474123] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  182.501543] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
04:55:30 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

[  182.508277] 8021q: adding VLAN 0 to HW filter on device team0
[  182.517112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  182.535628] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.543009] audit: type=1400 audit(1556168130.766:41): avc:  denied  { read } for  pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  182.557205] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.588951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  182.617335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.626653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.638463] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.645007] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.646792] audit: type=1400 audit(1556168130.946:42): avc:  denied  { map } for  pid=7111 comm="syz-executor.5" path="/dev/binder0" dev="devtmpfs" ino=548 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[  182.654661] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  182.687257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  182.693818] hrtimer: interrupt took 46151 ns
[  182.703520] binder: 7111:7119 ioctl c018620b 0 returned -14
[  182.715501] audit: type=1400 audit(1556168131.016:43): avc:  denied  { set_context_mgr } for  pid=7111 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[  182.738688] binder: 7111:7114 BC_ACQUIRE_DONE u0000000000000000 node 3 cookie mismatch 0000000000000048 != 0000000000000000
[  182.740310] audit: type=1400 audit(1556168131.016:44): avc:  denied  { call } for  pid=7111 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[  182.773408] audit: type=1400 audit(1556168131.026:45): avc:  denied  { transfer } for  pid=7111 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[  182.802346] device hsr_slave_0 entered promiscuous mode
[  182.850915] device hsr_slave_1 entered promiscuous mode
[  182.890707] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  182.897974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  182.905526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  182.913429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  182.921765] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.928223] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.937476] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  182.952405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  182.969585] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  182.977363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  182.986101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  182.993547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  183.005085] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  183.019586] 8021q: adding VLAN 0 to HW filter on device team0
[  183.042960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
04:55:31 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

[  183.055814] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  183.064039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  183.085537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  183.095004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
04:55:31 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x80005, 0x0)
r1 = socket$unix(0x1, 0x1000000005, 0x0)
bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8)
listen(r1, 0x0)
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
r2 = dup2(r0, r1)
sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0)

[  183.103513] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.109915] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.117917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  183.127167] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  183.138749] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  183.164275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  183.191254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.199419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  183.213331] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.219808] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.229758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  183.244004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
04:55:31 executing program 0:
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
mount$9p_xen(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, 0x0)

[  183.272943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  183.282877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
04:55:31 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

04:55:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x1)
ioctl$int_in(r1, 0x80000080045017, 0x0)

[  183.319023] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  183.334639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  183.352269] binder: 7111:7119 ioctl c018620b 0 returned -14
[  183.356106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.387209] binder: 7111:7141 BC_ACQUIRE_DONE u0000000000000000 node 6 cookie mismatch 0000000000000048 != 0000000000000000
[  183.389589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.417450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  183.429727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
04:55:31 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

[  183.449895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  183.459850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.481516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.502223] binder: send failed reply for transaction 2 to 7111:7114
[  183.508966] binder: send failed reply for transaction 5 to 7111:7141
[  183.516563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  183.519239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  183.535866] binder: undelivered TRANSACTION_ERROR: 29189
[  183.542406] binder: undelivered TRANSACTION_ERROR: 29189
[  183.557433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  183.563529] binder: 7151:7153 ioctl c018620b 0 returned -14
[  183.566148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  183.586326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  183.603026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.609777] binder: 7151:7153 BC_ACQUIRE_DONE u0000000000000000 node 10 cookie mismatch 0000000000000048 != 0000000000000000
[  183.612038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.629620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.637396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.645818] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  183.657146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  183.669313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.677922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.688906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  183.702477] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  183.708618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.716748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.725841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.736696] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  183.743718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.768443] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  183.783587] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.791019] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  183.802891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.814958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  183.826190] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.837719] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  183.845452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  183.853950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  183.865057] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  183.871591] 8021q: adding VLAN 0 to HW filter on device team0
[  183.887060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  183.894793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  183.904263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  183.912521] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.918962] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.927004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  183.937824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  183.947371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.956425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  183.964707] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.971175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.981197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  183.991631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  183.999157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  184.013107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  184.041135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  184.052494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  184.060995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  184.069207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  184.077417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  184.086803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  184.126071] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  184.146147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  184.156103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  184.164413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  184.174526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  184.183503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  184.191657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  184.201500] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  184.207614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  184.235801] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
04:55:32 executing program 2:
openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00')
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="28000000000000002900000002000000fe8000000000000000000000a40a00000000080000000000"], 0x28}, 0x0)

04:55:32 executing program 0:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:32 executing program 4:
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
fallocate(r0, 0x10, 0x0, 0x3f)
lseek(r0, 0x0, 0x3)

04:55:32 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x5382, 0x0)

[  184.256085] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.286318] binder: release 7151:7153 transaction 9 out, still active
[  184.337371] binder: send failed reply for transaction 9, target dead
[  184.366851] binder: 7182:7188 ioctl c018620b 0 returned -14
[  184.399965] binder: 7182:7188 BC_ACQUIRE_DONE u0000000000000000 node 14 cookie mismatch 0000000000000048 != 0000000000000000
[  185.103817] binder: release 7182:7188 transaction 13 out, still active
[  185.117420] binder: send failed reply for transaction 13, target dead
04:55:33 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x227e, 0x0)

04:55:33 executing program 5:
clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x2000000000000013, &(0x7f00000003c0))
ptrace(0x10, r0)
ptrace$getregset(0x2, r0, 0xffffffffff5ffffe, 0x0)

04:55:33 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0xfb, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)

04:55:33 executing program 3:
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x1000100)
write$P9_RXATTRWALK(r0, &(0x7f0000000040)={0xf}, 0xf)
lseek(r0, 0x0, 0x3)

04:55:33 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

04:55:33 executing program 0:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:33 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2282, 0x0)

04:55:33 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

04:55:33 executing program 2:
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
lseek(r0, 0x800000000003, 0x0)

04:55:34 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x8, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

[  185.627617] binder: 7212:7216 ioctl c018620b 0 returned -14
[  185.655933] binder: 7212:7216 BC_ACQUIRE_DONE u0000000000000000 node 18 cookie mismatch 0000000000000048 != 0000000000000000
04:55:34 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2289, 0x0)

04:55:34 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="65f336224bdd3b533505b3540906a7"], 0xf)
sendfile(r2, r2, &(0x7f00000001c0), 0xa198)

[  185.864791] binder: 7241:7251 ioctl c018620b 0 returned -14
[  185.888436] binder: BINDER_SET_CONTEXT_MGR already set
[  185.897527] binder: 7241:7242 ioctl 40046207 0 returned -16
[  185.913235] binder: 7241:7242 BC_ACQUIRE_DONE u0000000000000000 node 21 cookie mismatch 0000000000000048 != 0000000000000000
04:55:34 executing program 5:

04:55:34 executing program 1:

04:55:34 executing program 2:

04:55:34 executing program 3:

04:55:34 executing program 0:

04:55:34 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

[  186.367439] binder: send failed reply for transaction 17 to 7212:7216
[  186.375459] binder: send failed reply for transaction 20 to 7241:7242
[  186.385713] binder: 7241:7242 ioctl c018620b 0 returned -14
[  186.391768] binder: undelivered TRANSACTION_ERROR: 29189
[  186.403090] binder: 7241:7242 transaction failed 29189/-22, size 24-8 line 2802
04:55:34 executing program 0:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:34 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:34 executing program 1:

04:55:34 executing program 2:

04:55:34 executing program 5:

[  186.542821] binder: 7264:7268 ioctl c018620b 0 returned -14
[  186.575015] binder: 7270:7272 ioctl c018620b 0 returned -14
04:55:34 executing program 1:

04:55:34 executing program 2:

[  186.592977] binder: 7271:7275 ioctl c018620b 0 returned -14
[  186.603185] binder: 7264:7281 BC_ACQUIRE_DONE u0000000000000000 node 27 cookie mismatch 0000000000000048 != 0000000000000000
[  186.632069] binder: BINDER_SET_CONTEXT_MGR already set
04:55:34 executing program 5:

[  186.646589] binder: BINDER_SET_CONTEXT_MGR already set
[  186.654524] binder: 7270:7272 ioctl 40046207 0 returned -16
[  186.662105] binder: 7271:7275 ioctl 40046207 0 returned -16
[  186.685757] binder: 7270:7282 BC_ACQUIRE_DONE u0000000000000000 node 30 cookie mismatch 0000000000000048 != 0000000000000000
04:55:35 executing program 1:

04:55:35 executing program 5:

04:55:35 executing program 2:

[  186.698801] binder: 7271:7287 BC_ACQUIRE_DONE u0000000000000000 node 33 cookie mismatch 0000000000000048 != 0000000000000000
04:55:35 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:35 executing program 0:

04:55:35 executing program 3:

04:55:35 executing program 5:

04:55:35 executing program 1:

04:55:35 executing program 2:

[  187.263972] binder: release 7264:7281 transaction 26 out, still active
[  187.277380] binder: send failed reply for transaction 26, target dead
[  187.288357] binder: send failed reply for transaction 29 to 7270:7282
[  187.300157] binder: send failed reply for transaction 32 to 7271:7287
04:55:35 executing program 2:

04:55:35 executing program 5:

04:55:35 executing program 1:

[  187.374632] binder: 7299:7300 ioctl c018620b 0 returned -14
04:55:35 executing program 3:

04:55:35 executing program 0:

04:55:35 executing program 5:

[  187.456906] binder: 7299:7300 BC_ACQUIRE_DONE u0000000000000000 node 37 cookie mismatch 0000000000000048 != 0000000000000000
04:55:36 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)})

04:55:36 executing program 2:

04:55:36 executing program 1:

04:55:36 executing program 0:

04:55:36 executing program 3:

04:55:36 executing program 5:
mkdir(&(0x7f0000027000)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
open$dir(&(0x7f0000000000)='./file0/bus\x00', 0x88040, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')

[  188.124436] binder: release 7299:7300 transaction 36 out, still active
[  188.136210] binder: send failed reply for transaction 36, target dead
04:55:36 executing program 3:
syz_open_dev$dmmidi(0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0)
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x100000000000010b)

04:55:36 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r0, 0x89a0, &(0x7f00000000c0)={'team0\x00', 0x892})
ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0)

04:55:36 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
poll(&(0x7f00000016c0)=[{r1}], 0x1, 0x6d)

[  188.182685] audit: type=1804 audit(1556168136.486:46): pid=7329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir138794837/syzkaller.A0mSBF/11/file0/bus" dev="ramfs" ino=27080 res=1
04:55:36 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000100)=[{r1}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300))

04:55:36 executing program 5:
mknod(&(0x7f0000000100)='./bus\x00', 0x3a0914c44f7b802c, 0x1b00)
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x400000003fd, 0x0)
pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="8150372e", 0x4}], 0x1, 0x0)

[  188.241819] binder: 7330:7331 ioctl c018620b 0 returned -14
[  188.262743] binder: 7330:7331 BC_ACQUIRE_DONE u0000000000000000 node 41 cookie mismatch 0000000000000048 != 0000000000000000
04:55:36 executing program 0:
add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)='@', 0x1, 0xfffffffffffffffb)

04:55:37 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000540)=""/11, 0x485)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = dup2(r1, r1)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0)
r3 = dup2(r0, r1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0)

04:55:37 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x1, 0x0)
ioctl$TCSETX(0xffffffffffffffff, 0x5433, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
write$P9_ROPEN(r0, &(0x7f0000000080)={0x18}, 0x18)

04:55:37 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @multicast1}}}, 0x108)

04:55:37 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:37 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
fcntl$dupfd(r0, 0x11, r0)

[  188.996725] binder: send failed reply for transaction 40 to 7330:7331
[  189.008933] binder: undelivered TRANSACTION_ERROR: 29189
04:55:37 executing program 0:
shmget(0x1, 0x1000, 0x0, &(0x7f0000a86000/0x1000)=nil)

04:55:37 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080))
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040))
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300))

04:55:37 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892})
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x20000, 0x0)

04:55:37 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)='proc\x00P\xacT@\xd8\x88,\x81\xa4\xf2\xc2;\xf8tRr1c\xe9@\x10\x8b_\xe7\x97\xbdN<u@G\x9b\xb5\xd5\x90\x03Cg\x86(\xec&\xeb\x12H\x8dKjo\xdf\x8c\xa9\xd7\xc9cl\xaf\xb7\x12\xd5dr\xba-\xa5\xe3dL\xf7\xb9\xb3\xfd\xc4\xf4\x1b\xb0\x17\xdd\xee\r\x1eX\xae\xa6\xe9\xf1\x9b\xe4\xbb\x10\x04s\b=\xfa\xf6\x1f\x8b&Ps\x19b\x15\xa3F\xe7\x04\x80Nm\x99\xef\xc6\xf5\x98%K\xbd^\xb5\xdc\x8ey1g\xdd\xe2\xbf\xbd\x04\x88\xa8[\xc3Sf\xae\xc9G\x02\xc196\xcc\x94@\x9b\x8a\xbdZ6\xdd\x1d/\xfa\xaf\x8b\x80\xb7\xb7\xc1\xd7\xf4\x05\xc6\x87>\xd8\xa2/\x80\x016\x02\xdf#\xcd\v\x86u\xf90\xda\xf1\xbe\xb2\xf6N\xf7\x960\xe3L\xc9iv\xcb\xcc\xe1Ko[qU0\xa4\x05v\xea<\xa1\x1d&\xd6g\xc4P2\xfbx\xd2\xba\xc0', 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xfffff, 0x0)
r0 = creat(0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
lseek(r0, 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x6)
pipe2(0x0, 0x0)
r1 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0)
sched_setaffinity(0x0, 0x6, &(0x7f00000003c0)=0x9)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0)
recvmmsg(r1, &(0x7f0000001380), 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400})
sendmsg(r1, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8800, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000440)=""/29, 0x3fa)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = add_key$user(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$update(0x2, r2, &(0x7f00000002c0)="0400b908ac95fcc6b7a1e043af9d107037b455def2abd3095154681a6beb848b7d1891e00810512e3805ba652b4dfa196a3e7c15cf1608de7374a6c7a16b049c6316c29bc436292663f7de9312232f26acbef13c5fd454fc2ad3ba503e226d298bbd6204914574c269f487a2faf7d32a8d5e7586ebe48dac31975b1647b0e0c0442678f7dc78102fba6480b0c8645afbf24abfc615c4af1cfaf0a8b25167a726ab1a1f908a4f09df3ad6db531e209910b10fc156a8231e90448fc7eeab15f4657210731138f8bf641f555a6c23a74185f127c6e5f9f1d8d1", 0xd8)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$instantiate_iov(0x14, r2, &(0x7f0000000240), 0x0, 0x0)

04:55:37 executing program 0:
gettid()
timer_create(0x8000000009, 0x0, &(0x7f0000000200))
timer_settime(0x0, 0xfffffffffffffffe, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0xe4c}}, 0x0)

04:55:37 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892})
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x20000, 0x0)

[  189.254184] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
04:55:37 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000540)=""/11, 0x485)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = dup2(r1, r1)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f")
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0)
r3 = dup2(r0, r1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0)

[  189.297935] audit: type=1400 audit(1556168137.596:47): avc:  denied  { wake_alarm } for  pid=7397 comm="syz-executor.0" capability=35  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
[  189.307879] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.443109] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.455916] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.468573] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.479256] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.495448] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.505522] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.526228] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  189.539099] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
04:55:38 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070")
r1 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, 0x0)

04:55:38 executing program 3:
mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f0000001400)='/dev/loop#\x00', 0x0, 0x40000100083)
clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

04:55:38 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)='proc\x00P\xacT@\xd8\x88,\x81\xa4\xf2\xc2;\xf8tRr1c\xe9@\x10\x8b_\xe7\x97\xbdN<u@G\x9b\xb5\xd5\x90\x03Cg\x86(\xec&\xeb\x12H\x8dKjo\xdf\x8c\xa9\xd7\xc9cl\xaf\xb7\x12\xd5dr\xba-\xa5\xe3dL\xf7\xb9\xb3\xfd\xc4\xf4\x1b\xb0\x17\xdd\xee\r\x1eX\xae\xa6\xe9\xf1\x9b\xe4\xbb\x10\x04s\b=\xfa\xf6\x1f\x8b&Ps\x19b\x15\xa3F\xe7\x04\x80Nm\x99\xef\xc6\xf5\x98%K\xbd^\xb5\xdc\x8ey1g\xdd\xe2\xbf\xbd\x04\x88\xa8[\xc3Sf\xae\xc9G\x02\xc196\xcc\x94@\x9b\x8a\xbdZ6\xdd\x1d/\xfa\xaf\x8b\x80\xb7\xb7\xc1\xd7\xf4\x05\xc6\x87>\xd8\xa2/\x80\x016\x02\xdf#\xcd\v\x86u\xf90\xda\xf1\xbe\xb2\xf6N\xf7\x960\xe3L\xc9iv\xcb\xcc\xe1Ko[qU0\xa4\x05v\xea<\xa1\x1d&\xd6g\xc4P2\xfbx\xd2\xba\xc0', 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xfffff, 0x0)
r0 = creat(0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
lseek(r0, 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x6)
pipe2(0x0, 0x0)
r1 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0)
sched_setaffinity(0x0, 0x6, &(0x7f00000003c0)=0x9)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0)
recvmmsg(r1, &(0x7f0000001380), 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400})
sendmsg(r1, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8800, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000440)=""/29, 0x3fa)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = add_key$user(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$update(0x2, r2, &(0x7f00000002c0)="0400b908ac95fcc6b7a1e043af9d107037b455def2abd3095154681a6beb848b7d1891e00810512e3805ba652b4dfa196a3e7c15cf1608de7374a6c7a16b049c6316c29bc436292663f7de9312232f26acbef13c5fd454fc2ad3ba503e226d298bbd6204914574c269f487a2faf7d32a8d5e7586ebe48dac31975b1647b0e0c0442678f7dc78102fba6480b0c8645afbf24abfc615c4af1cfaf0a8b25167a726ab1a1f908a4f09df3ad6db531e209910b10fc156a8231e90448fc7eeab15f4657210731138f8bf641f555a6c23a74185f127c6e5f9f1d8d1", 0xd8)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$instantiate_iov(0x14, r2, &(0x7f0000000240), 0x0, 0x0)

04:55:38 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:38 executing program 4:
syz_open_dev$dmmidi(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0)
writev(r2, &(0x7f0000000700), 0x100000000000010b)

[  189.976039] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
04:55:38 executing program 3:
syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
close(r1)
openat$cgroup_ro(r0, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0)
readv(r1, &(0x7f00000002c0), 0x10000000000002f3)

04:55:38 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @multicast1}}}, 0x108)

04:55:38 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
ppoll(&(0x7f0000000100)=[{r1}, {r0}], 0x2, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300))

04:55:38 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000000)=0x1, 0x4)
sendmmsg(r0, &(0x7f0000001980)=[{{&(0x7f00000008c0)=@nfc={0x27, 0x1}, 0x80, 0x0}}], 0x1, 0x0)

04:55:38 executing program 0:
rt_sigprocmask(0x0, &(0x7f0000039ff8)={0xfffffffffffffffa}, 0x0, 0x8)
r0 = gettid()
timer_create(0x8000000009, &(0x7f00000001c0)={0x0, 0x3e, 0x4, @tid=r0}, &(0x7f0000000200))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

04:55:38 executing program 3:
r0 = socket$inet6(0x18, 0x2, 0x0)
r1 = dup2(r0, r0)
sendmsg$unix(r1, &(0x7f0000001700)={&(0x7f0000000300)=ANY=[@ANYBLOB="fb182e696c653000"], 0x1, 0x0}, 0x0)

04:55:38 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c)
sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

04:55:38 executing program 2:
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)

04:55:38 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4)
r2 = memfd_create(&(0x7f0000000180)='dev ', 0x3)
write(r2, &(0x7f00000011c0)="16", 0x1)
sendfile(r1, r2, &(0x7f0000000000), 0xffff)
clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fcntl$addseals(r2, 0x409, 0x8)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1)

04:55:38 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4)
r2 = memfd_create(&(0x7f0000000180)='dev ', 0x3)
write(r2, &(0x7f00000011c0)="16", 0x1)
sendfile(r1, r2, &(0x7f0000000000), 0xffff)
clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c4c1585e5c2b71660f3a426306f5")
fcntl$addseals(r2, 0x409, 0x8)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1)

04:55:39 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:39 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, "47951cec2e06d296031b913adab81d0ca2d6f770b895513fbaf7e0c87ded59090afdb6ad3cbf604a59d12a2678864c48100ed0d6a97612d549a5a0c5e7694190", "7f4e120aa2ba61ef7258649c631a31485e15a22d35c2edafd3ff6eda9066d9bc13c7eaed6e7dbd089d0dd73dbc87c54c957bd4de27b3525c7ba757f2349fc8fe", "b4a7738dfa449b037e1f16b5278d94d5f661f4e91a3112b53052e3e54ae60e5a"})

04:55:39 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000540)=""/11, 0x485)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = dup2(r1, r1)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f")
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0)
r3 = dup2(r0, r1)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

04:55:39 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0xae78, 0x0)

04:55:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x4008ae48, &(0x7f00000023c0))

04:55:39 executing program 1:
r0 = socket(0xa, 0x80005, 0x0)
sysinfo(&(0x7f0000000100)=""/68)
setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892})
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
get_mempolicy(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000003000/0x4000)=nil, 0x3)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'team0\x00`\xff\xff\xfd\x00 `\x00L\x00', 0x4ff})

04:55:39 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r0, 0x894c, &(0x7f00000000c0)={'team0\x00', 0x892})
ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0)

04:55:39 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

04:55:39 executing program 4:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2000000088)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x10)
recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x6, &(0x7f0000000100)={0x77359400})

04:55:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0x0)

04:55:42 executing program 3:

04:55:42 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x6c, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7, 0x60}}], 0x48}, 0x0)

04:55:42 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

04:55:42 executing program 2:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

04:55:42 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x4010ae42, &(0x7f0000000340))

04:55:42 executing program 3:
r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl(r0, 0x80040084149, &(0x7f0000000040)='T')

04:55:43 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x20000000000031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000100)={{}, 'port0\x00'})

04:55:43 executing program 4:
syz_execute_func(&(0x7f0000000100)="410f01f964ff0941c34b0fae6650c4e2c99758423e46d87312c461c5ddf13e0f1110c442019dcc6f")
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x9e89)
clone(0x1fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xfdf2)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000140), 0x4)
ioctl$sock_SIOCBRADDBR(r1, 0x89a0, 0x0)

[  194.668745] rdma_op ffff88805e7195d8 conn xmit_rdma           (null)
04:55:43 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070")
prctl$PR_SET_TSC(0x1a, 0x2)

04:55:43 executing program 4:
perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @broadcast}, 0x10)
r2 = dup2(r1, r0)
setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @link_local}, 0x10)

04:55:43 executing program 3:

04:55:43 executing program 0:

04:55:43 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:43 executing program 2:

04:55:43 executing program 1:

04:55:43 executing program 3:

04:55:43 executing program 0:

04:55:43 executing program 4:

04:55:43 executing program 2:

04:55:43 executing program 1:

04:55:43 executing program 4:

04:55:43 executing program 0:

04:55:43 executing program 4:

04:55:43 executing program 3:

04:55:44 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:44 executing program 2:

04:55:44 executing program 1:

04:55:44 executing program 3:

04:55:44 executing program 0:

04:55:44 executing program 4:

04:55:44 executing program 2:

04:55:44 executing program 3:

04:55:44 executing program 4:

04:55:44 executing program 2:

04:55:44 executing program 3:

04:55:44 executing program 0:

04:55:45 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:45 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070")
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0)
dup2(r0, r2)

04:55:45 executing program 0:
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x2b)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @local}}, 0x1e)

04:55:45 executing program 3:
mknod(&(0x7f0000000040)='./bus\x00', 0x8000, 0x4500)
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x40045720, &(0x7f0000000180))

04:55:45 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x508, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
sendto$inet(r0, &(0x7f0000000080), 0x270, 0x4008000, 0x0, 0x0)

04:55:45 executing program 4:
syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0)
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x100000000000010b)

04:55:45 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000003c00000009000000"], 0x0, 0x18, 0x0, 0x1}, 0x20)

04:55:45 executing program 3:
mknod(&(0x7f0000000040)='./bus\x00', 0x8000, 0x4500)
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x40045720, &(0x7f0000000180))

04:55:45 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0x2a8})
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={0x0, {}, {0x2, 0x0, @local}, {0x2, 0x0, @broadcast}, 0xab042fbbe6fbd72e, 0x0, 0x0, 0x0, 0x4})

04:55:45 executing program 2:
syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dc86055e0bceec7be070")
mmap(&(0x7f0000004000/0x4000)=nil, 0xa07000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$loop(0x0, 0x0, 0x80080000004a0a)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x800})

04:55:45 executing program 0:
syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dc86055e0bceec7be070")
r1 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r1, 0x402812f6, &(0x7f0000000000))

04:55:45 executing program 4:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3)
recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0)

04:55:46 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:46 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
socket$inet(0x2, 0x0, 0x1000)

04:55:46 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = getpid()
rt_tgsigqueueinfo(r1, r1, 0x2000000000000013, &(0x7f00000003c0))
ptrace(0x10, r1)
ptrace$getregset(0x11, r1, 0xffffffffff600000, 0x0)

04:55:46 executing program 0:
syz_open_dev$admmidi(0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = syz_open_dev$sndpcmc(0x0, 0x8, 0x400)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0)

04:55:46 executing program 2:
munmap(&(0x7f000001c000/0x3000)=nil, 0x3000)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
syz_open_pts(r0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")

04:55:46 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x3f, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3"})
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x60, &(0x7f00000007c0)})

[  198.060641] binder: 7706:7711 transaction failed 29189/-22, size 24-8 line 2802
[  198.097743] binder: undelivered TRANSACTION_ERROR: 29189
[  198.123559] binder: 7706:7711 transaction failed 29189/-22, size 24-8 line 2802
[  198.136350] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  198.154822] binder: undelivered TRANSACTION_ERROR: 29189
04:55:46 executing program 4:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x6, 0x101000)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0)

[  198.168526] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  198.200777]  loop3: p1 p2 p3 p4
04:55:46 executing program 0:
syz_open_dev$admmidi(0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = syz_open_dev$sndpcmc(0x0, 0x8, 0x400)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0)

04:55:46 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
socket$inet(0x2, 0x0, 0x1000)

[  198.612544] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  198.631417] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  198.644664]  loop3: p1 p2 p3 p4
04:55:47 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:47 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @rand_addr=0x5}, 0x10)

[  198.907075] RDS: rds_bind could not find a transport for 0.0.0.5, load rds_tcp or rds_rdma?
04:55:47 executing program 2:
seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]})
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0)
read$rfkill(r0, 0x0, 0x0)

04:55:47 executing program 1:
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000300), 0x9eef)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000380), 0x10076)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0))

04:55:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
socket$inet(0x2, 0x0, 0x1000)

04:55:47 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
semget(0x1, 0x0, 0x0)

[  199.202541] audit: type=1326 audit(1556168147.506:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
04:55:47 executing program 0:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="20000000000000008400000008000000ff0200000000000000000000000000019f8b9f5b2c241a4ef7fdd7593cdbde1420e7a9340e19d2d8bb7af96ec11007273da0e407cea10e24057a1e634ebe554e488be986"], 0x54, 0x20000000}], 0x1, 0x0)

04:55:47 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

[  199.283100] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  199.304957] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  199.311737]  loop3: p1 p2 p3 p4
04:55:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
socket$inet(0x2, 0x0, 0x1000)

[  199.471376] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  199.498685] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  199.538908]  loop3: p1 p2 p3 p4
04:55:47 executing program 4:
munmap(&(0x7f0000de3000/0x3000)=nil, 0x3000)
mlock(&(0x7f0000a00000/0x600000)=nil, 0x600000)
madvise(&(0x7f0000aa2000/0x1000)=nil, 0x1000, 0x5)

04:55:47 executing program 0:
seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]})
shutdown(0xffffffffffffffff, 0x0)

04:55:47 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

04:55:47 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

[  199.607480] audit: type=1326 audit(1556168147.906:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7798 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
04:55:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])

[  199.851233] audit: type=1326 audit(1556168148.156:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
[  199.876107] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  199.886163] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  199.892311]  loop3: p1 p2 p3 p4
04:55:48 executing program 2:
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee", 0x1d8)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
listxattr(&(0x7f0000000080)='\x00', &(0x7f0000000040), 0xfffffffffffffdc1)
syz_execute_func(&(0x7f0000000040)="f0202500000000f20f79dec4824546045ac4823193ac51000000006545d9fb41a5f0114807362e660f3834dd410030c4227d596dfe")
fallocate(r1, 0x0, 0x0, 0x1000100)
lseek(r1, 0x0, 0x3)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0)
r2 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r2, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc))

04:55:48 executing program 4:
seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]})
uname(&(0x7f00000005c0)=""/4096)

04:55:48 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074)
r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0)
r2 = creat(0x0, 0x98)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2)
write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1)
r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

04:55:48 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])

[  199.941705] audit: type=1326 audit(1556168148.246:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7827 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
04:55:48 executing program 1:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000000)="240000005a000900ff03f4f9002104000a04f5110c000100020100020800028001000000", 0x24)

[  200.067263] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  200.080292] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  200.086692]  loop3: p1 p2 p3 p4
04:55:48 executing program 3:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])

04:55:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x129f0817)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet6(0xa, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100), 0x4)

[  200.151775] nla_parse: 35 callbacks suppressed
[  200.151782] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  200.310740] ldm_validate_privheads(): Disk read failed.
[  200.316316]  loop3: p1 p2 p3 p4
[  200.345094] loop3: partition table partially beyond EOD, truncated
[  200.380800] loop3: p1 start 16 is beyond EOD, truncated
[  200.408842] audit: type=1326 audit(1556168148.706:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7798 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
[  200.438485] loop3: p2 start 101 is beyond EOD, truncated
[  200.461642] loop3: p3 start 201 is beyond EOD, truncated
04:55:48 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10)
syz_open_dev$sndpcmc(0x0, 0x0, 0x400)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0)

[  200.487427] loop3: p4 start 301 is beyond EOD, truncated
04:55:48 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:48 executing program 3:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])

04:55:49 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

[  200.721202] ldm_validate_privheads(): Disk read failed.
[  200.726888]  loop3: p1 p2 p3 p4
[  200.741792] audit: type=1326 audit(1556168149.046:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7827 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000
04:55:49 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800"/705], 0x2c1)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee13071a5af0e17e267cc0bf8e310b695e5f3bf0f5e0a5ba3393a", 0xe4, 0x3, 0x0, 0x0)

[  200.746499] loop3: partition table partially beyond EOD, truncated
[  200.843804] loop3: p1 start 16 is beyond EOD, truncated
[  200.859441] loop3: p2 start 101 is beyond EOD, truncated
[  200.875701] loop3: p3 start 201 is beyond EOD, truncated
[  200.889642] loop3: p4 start 301 is beyond EOD, truncated
04:55:49 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:49 executing program 3:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])

04:55:49 executing program 0:

04:55:49 executing program 2:

04:55:49 executing program 4:

04:55:49 executing program 2:

[  201.550830] ldm_validate_privheads(): Disk read failed.
[  201.556984]  loop3: p1 p2 p3 p4
[  201.569486] loop3: partition table partially beyond EOD, truncated
[  201.584801] loop3: p1 start 16 is beyond EOD, truncated
[  201.597184] loop3: p2 start 101 is beyond EOD, truncated
[  201.609722] loop3: p3 start 201 is beyond EOD, truncated
[  201.621253] loop3: p4 start 301 is beyond EOD, truncated
04:55:51 executing program 1:

04:55:51 executing program 4:

04:55:51 executing program 0:

04:55:51 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:51 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, 0x0)

04:55:51 executing program 2:

04:55:51 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:51 executing program 1:

04:55:51 executing program 4:

04:55:51 executing program 0:

04:55:51 executing program 2:

04:55:51 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, 0x0)

04:55:51 executing program 1:

04:55:51 executing program 0:

04:55:51 executing program 4:

04:55:51 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:51 executing program 2:

04:55:51 executing program 1:

04:55:51 executing program 4:

04:55:51 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, 0x0)

04:55:51 executing program 0:

04:55:51 executing program 1:

04:55:51 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:51 executing program 2:

04:55:51 executing program 4:

04:55:51 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:51 executing program 0:

04:55:51 executing program 2:

04:55:51 executing program 1:

04:55:52 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200))

04:55:52 executing program 2:

04:55:52 executing program 1:

04:55:52 executing program 0:

04:55:52 executing program 4:

04:55:52 executing program 2:

04:55:52 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200))

04:55:52 executing program 2:

04:55:52 executing program 4:

04:55:52 executing program 1:

04:55:52 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:52 executing program 2:

04:55:52 executing program 0:

04:55:52 executing program 3:
syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200))

04:55:52 executing program 2:

04:55:52 executing program 0:

04:55:52 executing program 2:

04:55:52 executing program 0:

04:55:52 executing program 1:

04:55:52 executing program 4:

04:55:52 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:52 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}])

04:55:52 executing program 1:

04:55:53 executing program 2:

04:55:53 executing program 0:

04:55:53 executing program 4:

04:55:53 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:53 executing program 1:

04:55:53 executing program 2:

04:55:53 executing program 0:

04:55:53 executing program 4:

04:55:53 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:53 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x80005, 0x0)
r1 = socket$unix(0x1, 0x1000000005, 0x0)
bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8)
listen(r1, 0x0)
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
r2 = dup2(r0, r1)
sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0)

04:55:53 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}])

04:55:53 executing program 0:
syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x4800)

04:55:53 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20, &(0x7f0000000340)=ANY=[])

04:55:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070")
r1 = socket(0x20000000000000a, 0x2, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x12, &(0x7f0000dbb000), &(0x7f0000329000)=0x4)

04:55:53 executing program 5:
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:53 executing program 0:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:53 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x7f, 0x80043ae, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x3c)
r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000180)="b85181fd1abd573b428d389638595cd14a89794c42a250525600e16daf1cfb8ec6dc544ff6ab19aa9f6993d4da7fd3524d7ca61e941d0c4ab9fdb981d0861fd34b9e3511feedea6a1d3d965f25ee873ca6f1d99ba2a0d9f10578f5876bfdd8037b6a8d51545eb8a1f8e6749b0bea1d05e250bfa27c8ba63e86757c906f43419969d69cd355e704852dded1864e81b024cd32577e367b8c80ab7eade2cf2e66376b423e06e02b266a1a8237951144963e623d7871dd2b37db2a576d5cacd4a2c45835fea48bdc87cda0826d559fb7573f433a36778f9db846415087e96b6c3ca4a47036f7057471cfa92eb7c34d9e6569874872c42da6ad21c136", 0x42, 0xfffffffffffffffc)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x10000, 0x0)
write$cgroup_int(r1, &(0x7f0000000280)=0x5, 0x12)
connect$bt_sco(r1, &(0x7f00000000c0)={0x1f, {0x7f, 0x20, 0x1d5, 0x5, 0x6, 0x3}}, 0x8)
keyctl$assume_authority(0x10, r0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x80, 0x0)

04:55:53 executing program 2:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x10008001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x276, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @perf_bp={&(0x7f0000001080)}, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2000003, 0x200)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x101200, 0x0)
ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f0000000180)=@null)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x8000}, 0x1c)
getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0)
getegid()
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)

04:55:53 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}])

04:55:53 executing program 4:
r0 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0xffffffffffffffff, 0x2)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x3, r0})
write$FUSE_BMAP(r0, 0x0, 0x10)
ioctl$KDDELIO(r0, 0x4b35, 0x2)

04:55:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/btrfs-control\x00', 0x400, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[0x2, 0x3, 0x5, 0x101, 0x3, 0xd9, 0x80000001, 0x8000, 0x3, 0x369, 0x5, 0x3, 0x5, 0xfff, 0xc758, 0x8001], 0xf000, 0x8000})
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x800, 0x0)
ioctl$SG_GET_ACCESS_COUNT(r4, 0x2289, &(0x7f0000000380))
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0xffffffffffffff33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x3, 0x0, 0x0, 0x2000, 0xff], 0x1f004})
setsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f00000001c0), 0x4)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x6]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  205.420669] relay: one or more items not logged [item size (56) > sub-buffer size (9)]
[  205.521534] relay: one or more items not logged [item size (56) > sub-buffer size (9)]
04:55:55 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x80005, 0x0)
r1 = socket$unix(0x1, 0x1000000005, 0x0)
bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8)
listen(r1, 0x0)
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
r2 = dup2(r0, r1)
sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0)

04:55:55 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}])

04:55:55 executing program 4:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}])

04:55:55 executing program 0:
r0 = socket$inet(0x15, 0x0, 0x6)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00')
recvfrom$inet(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

04:55:55 executing program 2:
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
listen(r0, 0x7)
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0xfffffffffffffffe, 0x84)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vsock\x00', 0x400, 0x0)
ioctl$CAPI_INSTALLED(r2, 0x80024322)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x3, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0c01faff", @ANYRES16=r4, @ANYBLOB="120027bd7000fbdbdf250a0000003c000300080007004e2200000800010000000000080004000000000008000800fe0000000800080007000000080001000000000008000100000000004c00010008000b007369700008000b007369700008000b007369700008000200970000000c0006006c626c63000000000800080008000000080009001f0000000c000700040000003f0000002c000200080002004e230000080002004e200000080009000400000008000400ffffff7f08000800060000001800020014000100000000000000000000000000000000002400030008000500ac1e010108000800ff000000080003000100000008000800c30000000800060001010000"], 0x10c}, 0x1, 0x0, 0x0, 0x11}, 0x4000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
close(r6)

04:55:55 executing program 5:
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/status\x00', 0x0, 0x0)
getsockopt$inet6_dccp_int(r2, 0x21, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x200, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000180)={{0x73, @remote, 0x4e20, 0x4, 'ovf\x00', 0x1, 0xffffffffffffff7d, 0x5a}, {@broadcast, 0x4e23, 0x2000, 0x3, 0x1, 0x6}}, 0x44)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {{}, 0x0, 0x4107, 0x0, {0x14, 0x18, {0x100, @bearer=@udp='udp:syz2\x00'}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080)
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x1, @null, @bpq0='bpq0\x00', 0x1f, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xffffffff, 0x2, [@null, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="014cda09ae1a416afd23ef0f94c18e00000018902b815fda000000000000040200"/45])
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x8, 0x7fff})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

[  207.315533] Unknown ioctl -2147335390
[  207.524368] Unknown ioctl -2147335390
04:55:55 executing program 0:
r0 = timerfd_create(0x7, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x5}}, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0)
write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, 0x1, {0x0, 0x6}}, 0x20)
ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000040))
timerfd_gettime(r0, &(0x7f0000003fe0))

04:55:55 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lsetxattr$security_ima(0x0, 0x0, &(0x7f0000000280), 0x1, 0x0)
flock(0xffffffffffffffff, 0x80000005)
recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0)
getsockname$unix(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
getsockopt$inet6_dccp_buf(r1, 0x21, 0xce, &(0x7f0000000440)=""/228, &(0x7f0000000100)=0xe4)
write$FUSE_ENTRY(r0, &(0x7f0000000380)={0x90, 0x0, 0x5, {0x0, 0x3, 0x5, 0x20, 0x0, 0x5b81, {0x4, 0x9, 0x0, 0x9, 0xb0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}}}, 0x90)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x1000000000004202, 0x0)
truncate(&(0x7f0000000240)='./file0\x00', 0x90002)
semget$private(0x0, 0x3, 0x82)
sendfile(r0, r2, 0x0, 0x7fffffff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r2, &(0x7f0000000140)=0x8800, 0x8800000)
writev(0xffffffffffffffff, &(0x7f00000023c0), 0x1000000000000252)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000000)={0x101ff, 0x0, &(0x7f0000ffc000/0x3000)=nil})
syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x0, 0x80000)

04:55:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f319bd070")
r1 = socket$rxrpc(0x21, 0x2, 0x2)
ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000000)={0x1, @broadcast})
r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8600003}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x20005000}, 0x8800)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000100)=0x1)
bind$rxrpc(r1, &(0x7f00000002c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)

04:55:55 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}])

04:55:56 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
r4 = socket$inet6(0xa, 0x3, 0x13ab)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd)

[  208.024169] overlayfs: missing 'lowerdir'
[  208.076809] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size.
[  208.258000] overlayfs: missing 'lowerdir'
[  208.271470] overlayfs: failed to resolve './file1': -2
04:55:57 executing program 1:
setresuid(0x0, 0xee01, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080))
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x6, 0xcd})
keyctl$clear(0x7, 0x0)
socket$bt_hidp(0x1f, 0x3, 0x6)
socket$can_raw(0x1d, 0x3, 0x1)

04:55:57 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x7fff)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000d0cffb)="e6558f1a", 0x4)
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000080)={<r2=>0x0, 0x688, 0x0, 0x5b9c18e7}, &(0x7f00000000c0)=0x10)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e24, 0x80, @rand_addr="875d112fe34ac162a3df36c75df76a4d", 0x4}}}, 0x84)

04:55:57 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}])

04:55:57 executing program 5:
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:57 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x845, 0x0)
poll(&(0x7f0000000000)=[{r0, 0x2}, {r0}, {r0, 0x28}, {r0, 0x9008}, {r0}], 0x5, 0x3)

04:55:57 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
r4 = socket$inet6(0xa, 0x3, 0x13ab)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd)

04:55:57 executing program 2:
r0 = socket$inet(0x2, 0x100000000805, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, &(0x7f0000000080))
fsetxattr$security_smack_entry(r0, &(0x7f00000000c0)='security.SMACK64EXEC\x00', &(0x7f0000000100)='cgroup\x00', 0x7, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4, 0x400000)
ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000040))

04:55:57 executing program 4:
r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000480)='X{', 0x2, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000380)="7fd43f71da0164555cbe213ece9c83fed49e24d51bf2f636294b40863e585acac8d10a9e20b2574fd85b07dbe46d0d5edd7c5a7dd457d1008888a29b88399ae8f3105aeb7dc5571727dd18027ad3e18b391df921c211132084d8ceaa5870d73772bb3d7e95681e4cb8f9ca357def4519b2bc0552638d6a9395ab0088726cfd0bea061e3856c1f5310e4d40e6cb", 0xfffffffffffffff9, 0xfffffffffffffffd)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000004c0)={0x0, 0xfb, 0xd0, 0x2, 0x80, "959d050f824503fb8756a40ae15ab48e", "c17d6e9a4bd7d3b6e76601a3f276f1f66f0c90e9c873fafaeb9c9285f87b890e084c063035f0feaa911ea60c840846049c9b7f409ebf68f09964921fe645b7fb1bd3c5f8e1b88dbfb7996f3cdc33c455f43436ed0ed4ed50aefdfbdac4e3ca306a5ba439cedb2bde4a39b3b762db8a001830fa5ffddec3a28938fab36c8d950f36461dc923b3405a7b0729711321ae35f53aaf06806f6f41eddfcf023370f5f7a144f6773b98a356243492764c27e0329f8b9a821c42439bfe4e7e"}, 0xd0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, 0x0)

04:55:57 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='sgroup.procr\x00\xdb\xde+\xde\xab\x923\xd0\xce\xcaX\x1fT\xc6\xed\xf4\xa4\x19z\xd1i\xf5\xdb\xccM\xee\x18\rb\x17\xb8G\x936\xaaoL\x1d\x84\xb8\xb7\x1buLx\xf1\x90\n\b\xacX?\r\xba\xf2', 0x2, 0x0)
r2 = socket$kcm(0x29, 0x5, 0x0)
sendfile(r2, r1, 0x0, 0x63)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x0, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x10080, 0x0)
syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x59f, 0x80)
r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x420200, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f00000000c0)=0xfffffffffffffeb9)
prctl$PR_SVE_GET_VL(0x33, 0x17faf)
read(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(&(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000))
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
utime(0x0, 0x0)
chdir(&(0x7f0000000280)='./file0/../file0\x00')
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00')
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getrusage(0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000700)=ANY=[], 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000240))
socket$inet_smc(0x2b, 0x1, 0x0)

04:55:57 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}])

04:55:57 executing program 4:
syz_mount_image$xfs(&(0x7f0000000080)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@logbufs={'logbufs', 0x3d, 0x6}}]})
stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
membarrier(0x5, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000240)={{{@in=@empty, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000340)=0xe8)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x1000, &(0x7f0000000380)={'trans=unix,', {[{@uname={'uname', 0x3d, 'xfs\x00'}}, {@version_9p2000='version=9p2000'}, {@loose='loose'}, {@access_uid={'access', 0x3d, r0}}, {@access_client='access=client'}, {@msize={'msize'}}, {@version_L='version=9p2000.L'}, {@access_client='access=client'}], [{@obj_user={'obj_user', 0x3d, '},\x9d['}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@dont_hash='dont_hash'}, {@obj_type={'obj_type'}}, {@audit='audit'}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@uid_lt={'uid<', r1}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}})

04:55:57 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070")
mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0xfffffffffffffffd, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x7ff, 0x10000)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0x3)
r2 = socket$packet(0x11, 0x3, 0x300)
accept4$nfc_llcp(r1, 0x0, &(0x7f0000000100), 0x0)
setsockopt$packet_fanout(r2, 0x107, 0xe, &(0x7f0000000000), 0x4)

[  209.048728] overlayfs: missing 'lowerdir'
04:55:57 executing program 1:
r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2)
bind$netrom(r0, &(0x7f0000000080)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @null]}, 0x48)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000700)={'ip6tnl0\x00', @ifru_addrs=@in={0x2, 0x4e20}})

[  209.132978] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size.
04:55:57 executing program 4:
r0 = socket$inet6(0xa, 0x80001, 0x0)
r1 = socket$inet6(0xa, 0x6, 0x7fffffff)
dup2(r0, r1)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000440)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}]}, 0x190)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000a83000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)

04:55:57 executing program 2:
r0 = syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0x7, 0x4000)
ioctl(r0, 0xffffffff00000000, &(0x7f0000000140)="0adc1f123c123f319bd070")
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000180))
sendfile(r1, r1, 0x0, 0x401)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=<r2=>0x0, &(0x7f0000000080)=0x4)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000001280)=r2, 0xffffffffffffff2f)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x9}, 0x8)
unshare(0x20000000)
kexec_load(0x3, 0x2, &(0x7f0000001240)=[{&(0x7f00000001c0)="ab16d04a1193815da198c92fa0464f26f98bdd1328d09984982c2c8d0a66c1cc3b11d342f3f4798622e7335e88fbb8b266fe7eead0305cb245a287c94714bde8ab673c14b2", 0x45, 0xfff}, {&(0x7f0000000240)="e25a9e80ce481f29017a5883bc22d7e364bee54d2359890f5be69f75c3d1ac158c259a19d05a6f3c83b605670a0ec87265c3bb1ef62eb51e11173e424578659aefdd0c8c62c8a268862ab8a2ea533960e2cb641a641ef46c82347dcbe4d9f1fd65d7a5caf0f47631a4ca1b6e73808ea087f50cad4e58c92dca69ecd8d2fc97d77cf7292753a65e765ec325e256c939eebe9023a873e2054668c9439385ba63e18c38a415987c7e15117e90ffe1216f090ec4f980885c2e216e1b64f01d1b413c5a0ccd034fcc23e863b5e4b528aa5ed5ddc5fef8bd4c5b0a805681cb35836118b73d837b6d06542a36849434bb0113582b5c10dfa6d40666a4416e1569611faf13fa742677e6714e02d725328f55285a84c02bce05ab11e048f6e37ce8f226ca10f536a7a77694c4828f29abd3438e9162471336b23774348e552660910974f089013b02b3f87c20b1721833ec0d4c16c93bbe2a2dc1d06f8deb7e2c8e9bb7c70b49f6c519a33f1edada495deb0216c8cd3eaf54c7489b686daa48347bc98b52bc780235f055a01958a0a21b55523f3aafd1a9cd2f761954e2464df71d619759706e5834d09cdbcf8adfe5f932a10763a6d523c82bc4f96a077858b012c4840cab12dc55e1aa6de099f988129a188e3a25aca558d4d483d3ef320fce6759bfcb951b060144c7c0e797b443c4c5f0f3eea84bcbfb6505a226f550700abfb2c7866ad11380ebc3a6f4e5d57d2d5a1477eff9248ef583197f3a7ea31e745889e0066dad91c5529dd83d6d535da4492403fa0d04eab02dca5dc7220a8ae15d39410c7c337870e9f7dafcfdd66ae4493d70b0043c59155014a66a21a85b545069cf2e7168bc8c734cead1e9e56e3a4f667f1b86f096191ea3b39b04794f0d2e9718a2ed67587fae36841f1e73115342443cf0157896f964a673b13196e2e794bbec2f18bc5e0b96d1dfa07e9be8374b56c17924d588bd52c5095e0407aac9d2239e6c3b4c9f13bda1f69d3523e6cc31a0650c02b7bf2baeaad8384986d25a0f31ef0b324fd4f8fe324be19715156698a0477d5bb9c479e4490d29b1db48c97e28d180274d616378e41ab3a5854f512b2fbcd64b64519cdc19e515104ac69b499c51d1fcc728ddc1a701e2f06258471eb65fbecb6ba54e11ada85894ef1e9228aa3cbb38907f58b682f4944cb73f46e371916d688c131e44f05e7e3d6becd34668ec83ab7862d1fcc163a84246daebaa79c353ee9d36c138842c33c7cc61572d76318f11bd973e8fb367352a2e252250bc297bea019e0ab7236a137445d3a35cb634c6f2517a49f1e0c7252449c9cef4e0d1b66ad7e78bcc66416d8bfcc877d3021eccc21b9aa26192e3e3384d6495cce9ec6cabeaa0665c580a63487e576196bcf3218405edb0804ec430d8eba227ac4f6c9fdddb1d036f17872e27e40c32c72ffab7ecb4ed9416bf19970896d57a6a868b77554a158d28724e222bfd356216b03c67e827ba33464af97f0f985d60b3d8d7777ea11ffcb2447af1150030bfa0de81f4dad26de916d2953f0dd8b3e3821c99e506038ce55d58a8eae5bcc2fef8abf7fc3f7c0dfee2ebe54354bb9847e7be58e6a8396de6ea7bfce14b60ba33748a7f30008062885f10c29a872570aa7b31703e94fb6ec509ed7a8a40b50f835c92c9a5ae62728702921f67eade2a1ce0cc6638024c67cb5e974ae8ce809e1937c30f431e26635ad7b7382a53fa3717dd521da5bd5934b845142ee75d885a932de48bdad4036a4f9de17829d65ad199a5d2ac089a1afe5156f4fff5c6bad236e2997e845b3be7b4d54eb805ca0f1c578989a81f8c747140591f1d1d9fb360a89e09f2c7c3f55ed22f1f10844511c966037bbc3f1fa75368de1e824305e1f36c91a2e309c653991e2ffe2511062b66c860e75bddad9e4b513323fb461b55a1320c539dc032686704c9780c4d6f350eed2eb48142609018e918c701f58e1a56e2e3399054aed1172f8eeb5eec43a4a8d9e9d4494a9ca6ce74360769568aa5b79855b8eca8cf13542447fd81c7427ffbf3f4eeff3231c180b67860115dd3d6b17085cd5011b0651d648cc1408c2ea86b4892fa17fee055e89cdf04eb00f6b551648d0ee22f625598c46bad4a591583aaab4f565f75db720e217308f4ed6eaafe2d4fd9989f5a1564f0311d1a233f8f89c716b44fe85b42c7b41b16bb43029287ef5aa8566b3a2717d3d33c02566b03492c918a769eb1645cba2b398258029c736022f69d41440c57d4b6a34f5a2ea709a0bbfe41c0e4e4570836b62c4df6135e2ef85a9f47929b3261114cbb04ddf0d00cb998caf20b48f58f77189a384ba597249d6a1c696a1bc45f331246108deb7a09babbb00ff5cdcdca7408dc74ec746348b76bc9231d0a8fe546cc47762e3e8939b5ee9df2ac5cf9b17defe76784047ef49eecea3eae3fc063a15da465186c1d992fddb4f94b1e4c07df89a28cede9dbe0d3122b187e42de48aca29f7225675fcc95fe4d762bd01aa1b1e6388a0f2507073d18fb0ed74dfa10b39370dfcb98c6dffab6119aebc1e0c3887c06e8a3dea9c08a25f76e0fbf9d9f6b53410f3d39aa6441784d13c56fdf5ce7012460dec59676101c644aa21bb4f99ba36259b3d4361832cfff375c435eaec9b699151401deeb3939829dfccb982c57eebcf65d126ae7b7a07a2cbc04db8b812f6a5ab83d986f16ac5f8ee8691b24ae879cdf4a150b9b9f5aa93b11be83a37eb6554cf180570cab9ec477628fecfdc89a1ae39f533cc330124977c1685cc308421362ccd071958d52afd05b1361c2298a3d579c92f1aca91f2f4bcfc729d82ba352327f6e4e01d2bf3162ca624ddaf33d75e53095c2c5b41d5dc8be4cb7145015f82a18dc00b58482a71d8a7ff5619f33ad7a0a0a19fcf53c4a2dd058047371c4f043b57d094bac4bc8c10009256d84c80934900f273cbba123d7c4f85b7ca4575337c48e9e387323a7b0685d334a0a325a3ae38970e6cc709240bdb03d28019091d003b10285f1ca6f594cc13390cce3d9d8a59dc8f4a08922dee0c37fb3431331be89e401c58f0d0cb553d3d7afc78386d55e016929f98c4a11f34423465d31df9f7cbd752e913c9bee4769923a46cd1084f4fa21130aed5fa95bb99822b4f5e710f6fd82351ecf5adb12f3ca6d0fc447f0539cdd2a2e5845ba1850a2d8dbc4c289fc34b68f16c589996693265dea72b3e01efa7809bd82ce2730982cc1e2d0b2625993de79317e407ad24e31fde1978c2768a116b5a32274547a83317351879b327f88ffb7e8df7bf96c90bca6d0162a09afd3173829614413df4c1005f62655f61e6ceffa4ee7b9a11aa240081e43c9799f245b3437c19ad28083fee53042bd695feb90aefec87f6a8eb8c1f1bc716f5c69ca90fc3c02655a1b2c84bc0cd2cb7db74e5e531a97f7329e7d62eb0685226ff83348433ddd21d1243230bfb0ebe4649bf4777a465ed7ec2ca83dbfeabf8b9374b2d5a8fe9173f831a6175bf0dfe32586d2e65a4d8d8a5b75f3e6f01070ec442361e539d598fc16dfee7e4b9d7a1fff2eeb0bf4d68de62d233374515f77a40c9e08cf55e9c0009a57ea36a51340bfa461760624a782fa30b71c95f55bfdb451b696570e8c7bf502e22e113a40f4fa58f8d936a30753f3d067db465afd8fde37c57134a8d7172b4ac09669e7492249a978fed5eaf75bc30f762d2604436b0c868ce032a417abb078eed2b7901e176de1559fd9e0b6dede245276e49d19debdc77479e786eb49f64fc3932b32b5acb525da73163d4804c46663419a088515075c8cde8b1af53d6fbc2afafa06435abde6fd976bbc67e48d892e577d3af10b25c8ee0cda44ebd99f949d6ad13f507b908e447638c6736debbfb96536e33ecab888c24ec786e36f6c6b1ff5a72a04422f752824267547e14d4feab79d46cf244f7d0098150581219eda71477ad2833f1720ca1437619285ae4803e9247d7223c4b39f82891111062b55e9503e49ea420daa4e38cb76dde65607f5ad9c21ff87e54df5d50364fb4c0d0b200ab4211fc018db6c7b004b6d60b191dee6f3535afc0367a3f008926dc682f3a7a2ee09d5f5ce66196a5a6322582582c620cf9828aa3fd6836c547d022b3358a783e93625b4113c507430d065664263df7f39fb48dfb565f8f1ac3f9e8d18a4b27447902fda0c25c97cd9d902afdf8a5e6b03194a0dd35c0b59cba37d01b70e0d2d3cae7cae7585b37fbad90d6a442e4c5e5b8db1bfd8fa59d57374c9d8c806ec3d2142b60a476fd621a2e11edba20be881e0aeaf26b127a97168635268b372821a764d32b388eb7277135c64580ecb83af0765920ed38bd29fbc35f3057ddfee1b45155d55484a8686dcd69f9c62a049d0404fbad687310c3471a10ed9fd36f574f83a9b1e86133901cadaf2e27a303f955b1399c3ccb7e33bd1ea0b6efb087b148b069419a165ddaa14b01467f63a0f3d984a06894784fd7179e6de175a08b1d75b108d220337afba105cd0f5fb9a34eedee6c503ebd6ae841c08e791b003f94867831e91892e64cedca49a619c8ed1d8798afc3b609906fb20f185b227ce5c16fc2130b8ef29fbe43981825b250a84f1cb558c3976eafe9a05a52303b907c17791113a66e5b36e6f12bb798e3f2b488746a658be67d34d623c971f8e97cc05e38824086c0dafbf152ed048dff1e2c9ff546759577c77f74cbcfe3604edab3554ee57e0239d17010a662fa3dec5364424ff84df15de0b994d0dc0460c078196f0fa4591ea4cb05532a9b8835c29e7ed93bbc85eeb9b87ac4e064bfb91bdeb78ba68df53b1e397cb1b9d636fbab6fff2a092fe2959cd41e766bc26b740bce08a4d87828d143495bcc9e756cc351f50b54ef85a977270f80db21f0ba9dd011ca4e810fda6dede5752afd08a6999228eeaec9cc18021f82c1e6c60496a1d554331c0e24e80caa27a03605f4349ab35edee2caf24cb708e729650613badb5b4cd8d6d28f00a9e76c65e2f6a6b0b66679986fa73d9f1efcbdea41aaeb0489132f1a08f17758164e3304f263b3e47fe18f63808fcd331dcc819088ab8abd2ffedfe0f06add116cfdd2ff6b226c9697a32390a90e29f17b91ef6ec757f2f086be5b2746667b58f2685b52d3c2f2b9ce817f003779ea96c4211f522be96fb2037cfab0163e1ed7ce7d60dffbfab6ba4095c409a7f1ffaee263cb63688519169ec99a51a38b5ef5472a354c7c43d5bc219e105b0cb9c4159144540ca2e6af630c96c15c5ae8893781e85a9f9d78c11ee230e41b100fca9c07396c2932399dbf864a29ea375f230db2186d6d7331c75b061576480c90ae9d7c74f9fec7c463d5ba4b3e6c5493c3c47cfa73d2ca6ad3231a84fe8bb6c53edf4f574254b7b3752fcbc6961e2ee7e916b7a1e2fac80be4812e41f04ca191913b1e1fdea2c7017c1f06ecc750c342a2d8b2006c4fd410c3a07f70a71f0db5c3a0b8db9dbcafb574acd2381f3b19ba21c05fc6c8c66ff30f8be47972d39ba0dbf73f6fad21769d44eba33b51dd48c9ba7167af1d10a508fdedb121998ab56cb3a44f85fcd5abbbee16f91b4929589d7001e8c3e3ec19cb7f46f2f22deca1abc9405327d3da2d4858367ca9b77f6aa112e2ba5c49b7373e7ee535ab059a88077e77f14a532f8002388a3ab0e86fb1adf505aa40a61dd31870895af64943f35741c89a9636e3d9359d4b66c42e2b2074c98fd0c5d0b68d3d313737bf46934bea4d3aeb7c7b5f04bb1560f33c4f3d0cb69faccd34dc6d41b05a0eb1f4a53", 0x1000, 0x80000000, 0x2}], 0x140000)

04:55:57 executing program 5:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:57 executing program 1:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/version\x00Z\xa2\xac\x00\x00\xb8\xb5\xa2\x8a)\xae\xcb\xf8C8ZQ%\x03\x98\xce\x12\xd9\x84\xf5*\x14\x9e\xaf\x98f\xf3\xc38(\xfes\xd4\xf3\x19R\x8b\xbd\x89\xfc\xef\xb6%\xad\xacF\xdfu\"\xeb\xb2<\x98\xadi\xbd\xc8%\t\xdfoCy\x17\x02\x00\x00\x00\xca\x02\x98\x89\x05\xb6r\xc3\xa2\r\x10\xf8\x90\xb9\xf5w$4\v8N\xcaa6\xea\xe4\xfdJ\x01^\a0v\xb8\xf1\xcd\xe4^\xea\x0f\x0f\f<\xa6N\xbd\xd0\xce\xfc\r\x9e\x8e\xa9\x1d\v\xbb\xa5\x00'/160, 0x2, 0x0)
write$FUSE_STATFS(r0, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x7, {{0x4, 0x401, 0x0, 0x1, 0x8, 0x4f, 0x9, 0x8}}}, 0x60)
pread64(r0, 0x0, 0x0, 0x800003)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000180)="c06632eedd773bc12ee21acafcddb24d7913d6b1462553ca97540dcae42bbdd0052594da471a759504ac14d8a977ad7d1cc4a924e2ca1a98608b603bc6830f7f5f021b378222a7e6d1e6fbaaecf1c04541f83afc74bc8f3227a170a7b0c9aa2146ce16fd6dc956fd0a99c6418101fff9439dd344663c9925c467464cc8c8e37544df4f52956e16067c3751d2c392e4d468093bb3316e91eaf47fd1c8638d8f1bb7a1933827fd7164179061fff6eafeccf770bbd9ffb075f039c1d668343ef4b163bfa589f0036b11c41c708fc1509412e5f46075b5bc2c3859dfc2e3832f32949fbed2d06430e197ca90e50b977de50028f4d33c03509b35a6ca1b1d53ca", &(0x7f0000000280)=""/108}, 0x18)

04:55:57 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
clone(0x1ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@rand_addr="623ad882c0d98a0d7ed2fa6843dd3c22", 0x0, 0x0, 0x0, 0x4}, 0x20)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MIGRATE(r3, 0x6609)
tkill(r2, 0x1)

04:55:57 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
r4 = socket$inet6(0xa, 0x3, 0x13ab)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd)

04:55:57 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}])

04:55:57 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000bfcffc), &(0x7f0000000240)=0xffffffffffffff3a)

04:55:58 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
poll(&(0x7f0000002880)=[{r0}], 0x200000000000002b, 0xc4)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070")
r2 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x5, 0x2000301000)
openat$cgroup_procs(r2, &(0x7f0000000140)='tasks\x00', 0x2, 0x0)
socketpair(0x15, 0x80007, 0x9, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000000080)=0x28787e4f, 0x4)

04:55:58 executing program 4:
r0 = socket(0x10, 0x802, 0x0)
write(r0, &(0x7f0000000040)="240000001a0025f0001b000400edfc0e1c0b0020e80000001009ffeb0800010000000100", 0x24)
r1 = syz_genetlink_get_family_id$ipvs(0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x1, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000180)={{0x0, 0x1000, 0x0, 0x0, 0x40, 0x7, 0x2, 0x4, 0x20, 0xfdc, 0x6, 0x6}, {0x2, 0x100000, 0xd, 0x36, 0x1, 0x0, 0xffffffff, 0x8, 0x6, 0x8, 0x0, 0xa2b}, {0x0, 0x10d004, 0x0, 0x8, 0xe8f5, 0x700000000000, 0x7, 0xc967, 0x7b5e, 0x92f8, 0x1, 0x2}, {0x6006, 0x103001, 0x4, 0xbc3, 0x6, 0x5, 0x7, 0x5, 0x4, 0x5, 0x401, 0x4}, {0x10d000, 0x5004, 0x1f, 0x6, 0x9, 0x4, 0x200, 0x7fffffff, 0x5, 0x30000000, 0xc4, 0x6}, {0x10f000, 0x6000, 0xf, 0x1, 0x0, 0x141bfcb5, 0x1, 0x80000000, 0x1, 0xff, 0x9, 0x803}, {0xf000, 0x7002, 0x8, 0x8f20, 0x800, 0x200, 0x80, 0x0, 0x1e, 0x0, 0x8, 0x80}, {0x7000, 0x1, 0xf, 0x6, 0x4, 0x4, 0x4, 0x673, 0x0, 0x49, 0x5, 0xf2}, {0x6000, 0x1000}, {0x10000, 0x10000}, 0x20000000, 0x0, 0xf005, 0x200000, 0x6, 0x1900, 0x0, [0x9, 0x7, 0x0, 0xffffffff]})
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r1, 0x303, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffffd}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3f}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x8000)

[  209.711621] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  209.731247] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
04:55:58 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}])

04:55:58 executing program 4:
unshare(0x24020400)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f00000000c0)={0x0, <r1=>0x0})
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000100)={0x0, r1})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000040)={0x8001}, 0x4)
statx(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x800, &(0x7f0000000180))
perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r3)

[  209.845411] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8302 comm=syz-executor.4
04:55:58 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
clone(0x3102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x8)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r3=>0x0})
connect$packet(r2, &(0x7f00000001c0)={0x11, 0xf7, r3, 0x1, 0x3f, 0x6, @dev={[], 0x19}}, 0x14)
tkill(r1, 0x2a)
ptrace$poke(0x4, r1, &(0x7f0000000200), 0x0)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$cont(0x20, r1, 0x1, 0x6)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x1, 0x3, 0x65})
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x20000000000004fe, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r1, 0x0, 0x0)

04:55:58 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}])

[  210.002962] overlayfs: missing 'lowerdir'
[  210.015684] overlayfs: failed to resolve './file1': -2
[  210.169220] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size.
04:55:58 executing program 5:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:55:58 executing program 4:
r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x9c, r1, 0xd00, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x32}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2a}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x4}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4040}, 0x4000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4, 0x81)
getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ftruncate(r0, 0x0)

[  210.592615] audit: type=1400 audit(1556168158.896:54): avc:  denied  { map } for  pid=8332 comm="syz-executor.4" path=2F6D656D66643A620A202864656C6574656429 dev="hugetlbfs" ino=30179 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1
04:56:01 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}, @icmp=@address_reply}}}}, 0x0)
r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x4, 0x503080)
ioctl$TIOCSCTTY(r2, 0x540e, 0x7ff)
recvmmsg(r1, &(0x7f0000005e40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc1}}], 0x1, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r1, 0x8906, 0x0)

04:56:01 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}])

04:56:01 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
r4 = socket$inet6(0xa, 0x3, 0x13ab)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd)

04:56:01 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket(0x11, 0x80002, 0x0)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000400)=0xe8)
lstat(&(0x7f0000000440)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000540)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000640)=0xe8)
getgroups(0x1, &(0x7f0000000680)=[<r6=>0xee01])
setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f00000006c0)={{}, {0x1, 0x5}, [{0x2, 0x0, r2}, {0x2, 0x2, r3}, {0x2, 0x3, r4}, {0x2, 0x3, r5}], {0x4, 0x4}, [{0x8, 0x3, r6}], {0x10, 0x1}, {0x20, 0x3}}, 0x4c, 0x2)
sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x50, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0)

04:56:01 executing program 5:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:01 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}])

04:56:01 executing program 2:
clone(0x2103001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7fff, 0x80)
ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000040)=0x1)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f6000008000000070000006043110000000090bd60000e9d597a000000000700000000385a58e40200"], 0x3e)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x9, 0x8, &(0x7f0000000080)=0x8})

[  212.863485] overlayfs: missing 'lowerdir'
[  212.873756] overlayfs: failed to resolve './file1': -2
[  212.886818] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size.
04:56:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000240))
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]})

[  212.911914] SELinux: failed to load policy
04:56:01 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}})
readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1)
fcntl$setstatus(r0, 0x4, 0x4400)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10)
pwritev(r0, &(0x7f0000000280), 0x300, 0x0)

04:56:01 executing program 4:
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x100, 0x0)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000340)=0x1, &(0x7f0000000380)=0x2)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000400)={0x1, 0x0, @ioapic={0xf004, 0x0, 0x9, 0x101, 0x0, [{0xfffffffffffffc00, 0x6, 0x5, [], 0x10001}, {0x0, 0x1ff, 0x8, [], 0x5}, {0x0, 0x4, 0xfffffffffffff2e3, [], 0x80}, {0x5, 0x2, 0x5, [], 0x8000}, {0x4, 0x81, 0x4, [], 0x7}, {0xffffffff, 0x548cb9fc, 0x7fff, [], 0x45}, {0x1, 0x0, 0x1, [], 0x3309a8f3}, {0x6, 0x6, 0x9, [], 0xffff}, {0x0, 0xfffffffffffffffb, 0x7, [], 0x8000}, {0xfffffffffffffff7, 0x9, 0xffffffffffff8000, [], 0x1f}, {0x20, 0x8001, 0x101, [], 0x7}, {0x0, 0x4, 0x0, [], 0x8}, {0x9, 0x0, 0x8, [], 0x3}, {0x6, 0x7f, 0x183, [], 0x7}, {0x1, 0x6, 0x100, [], 0x9}, {0xfffffffffffffffe, 0x62, 0x1}, {0xfff, 0x1, 0x8, [], 0x8001}, {0x1, 0x1, 0x5, [], 0x100}, {0x1, 0x0, 0x1, [], 0x477}, {0x3, 0x9ab5, 0x3, [], 0x10000}, {0x400, 0x81, 0x1, [], 0x7ff}, {0xffffffffffffffe1, 0x20, 0x0, [], 0x6}, {0xf56f, 0x0, 0x3f, [], 0x8}, {0x2b, 0x3}]}})
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2000000000002)
r1 = syz_open_procfs(0x0, &(0x7f0000000540)='mountinfo\x00')
openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000200)={0xc0000000, 0x1, "aabeeef54b1e39d23cb25fa987119dba58afd924881e6b3f70438b24f1865bee", 0x8, 0x0, 0x2d, 0x7fffffff, 0x5, 0x100000000, 0x0, 0x80, [0xeaa2, 0x0, 0x955, 0x5]})
ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f0000000040)={[], 0x2, 0xd1, 0x100000000, 0x0, 0x1, 0x3000, 0x10000, [], 0x5d})

04:56:01 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x8000, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x50000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'eql\x00', 0x2})
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x48002, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f00000000c0)={0x0, 0xb2dc, 0x0, 0x1})
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000080)=0x9)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r2, 0x8923, &(0x7f0000000180)={'eql\x00', @ifru_flags=0x3301})

[  213.036214] mmap: syz-executor.4 (8383) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
04:56:01 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}])

04:56:01 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
socket$inet6(0xa, 0x3, 0x13ab)

04:56:01 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}})
readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1)
fcntl$setstatus(r0, 0x4, 0x4400)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10)
pwritev(r0, &(0x7f0000000280), 0x300, 0x0)

[  213.169935] : renamed from eql
04:56:01 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}])

04:56:01 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}})
readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1)
fcntl$setstatus(r0, 0x4, 0x4400)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10)
pwritev(r0, &(0x7f0000000280), 0x300, 0x0)

04:56:01 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:01 executing program 2:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
r0 = gettid()
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000040)=r0)
r2 = socket$inet(0x10, 0x2000000000000003, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="2e0000009d76ffe2000000249da07352cbae1a0000000000", @ANYRES32=0x0, @ANYRES16=r2], 0x1e)
r3 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x5, 0x40000)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000300), &(0x7f0000000340)=0x8)
write$P9_RUNLINKAT(r3, &(0x7f0000000240)={0x7, 0x4d, 0x1}, 0x7)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x80000, 0x0)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000003c0)={0x3, [0x20, 0x5, 0x9]}, &(0x7f0000000400)=0xa)
setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f00000002c0)=0xa, 0x4)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000140)=0x2)
ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00\x00\x00\x00\x00r\xed\x02\x00', @ifru_flags=0x2})
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
write$P9_RLOCK(r5, &(0x7f00000000c0)={0x8, 0x35, 0x2, 0x1}, 0x8)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000001c0)={'batadv0\x00', {0x2, 0x4e20, @multicast1}})
syz_open_dev$sndseq(&(0x7f0000000380)='/dev/snd/seq\x00', 0x0, 0x200000)

04:56:01 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}])

04:56:01 executing program 1:
mknod$loop(&(0x7f0000001440)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d764161ee6b626e0adc3dcb1c7c5ed0836e8fad4bcbee9c107719f7653ade2e71fd436686a5ddc955821773a0bcf6e259d50d9f78864da5c51f68b9858a06a50779bad0d9", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
r1 = open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x0)
name_to_handle_at(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)={0xfffffffffffffde8}, 0x0, 0x1000)

04:56:01 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:01 executing program 4:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e10f2287620300f32303030303f303537000000000000000000"], 0x1, 0x0)
r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)
keyctl$update(0x2, r0, 0x0, 0x0)

04:56:01 executing program 1:
mkdir(&(0x7f000002b000)='./file0\x00', 0x0)
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x80000)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=<r2=>0x0)
mq_notify(r1, &(0x7f0000000140)={0x0, 0x9, 0x1, @tid=r2})
syslog(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000700)='./file0\x00', 0x0, 0x20000, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r4, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
sendfile(r0, r3, 0x0, 0x800000080000002)

04:56:01 executing program 2:
syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x9cca, 0x80)
r0 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0xff, 0x10000)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f0000000200)=0x1c, 0x80000)
clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0)
sysinfo(&(0x7f0000000000)=""/248)
r1 = socket$inet(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags})
write$rfkill(r2, &(0x7f0000000100)={0x3, 0x1, 0x2, 0x1}, 0x8)
syz_open_dev$radio(&(0x7f0000000340)='/dev/radio#\x00', 0x0, 0x2)

[  213.610668] overlayfs: missing 'lowerdir'
[  213.629135] overlayfs: failed to resolve './file1': -2
[  213.700633] encrypted_key: master key parameter '020000?057' is invalid
[  213.738371] audit: type=1400 audit(1556168162.036:55): avc:  denied  { sys_admin } for  pid=8442 comm="syz-executor.2" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[  213.775291] encrypted_key: master key parameter '020000?057' is invalid
[  213.788532] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size.
04:56:02 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000", 0x5a, 0x1a0}])

04:56:02 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:02 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x98)
r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000240)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x4e20, 0x0, @local}}}, 0x38)

04:56:02 executing program 4:
syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000080)=[{&(0x7f00000002c0)="cefaad1bb83c000000dc35c961021610a93fceb8d3f4900b073fb6564411efb238d333bc888706e315e2d44307c5c80d32f0240f0c82398c6702caa430234a223424eab01b4f537ff1889c69ae8b39631e88a829126fccd36237866f77c52cd3a9d39c58e7d8135c0f4f5f2bafb88baf95d7f64a31169a70df37fd36c5f06d2aeac897874ca3104b46fd91d23e0cb91fb4b46b9bc0e91fb85d42e3f33b7209761be9e2b3f43d5132cd92cc6880aee3329e0b442b03637bc4a6ffd61a55745b06978c28eed9f22d64034dd0dfb2fa02d3f7030b2b0904cd7cf0f3dbf4b73fb92900535bf0b82f1c9384554fcdf3bd63d0683da7cfbad67ada52c90a29abc6a326f9a894c9ce558ab251abb0293bb082a2ca813e00560ef321072272b7084906bdd36e404898da9ee1487e77b901f558ea12897ebf4dd078594251f78e7445ba9e4b2fd7e56d1e1bfa025b5aaf661fc358c1af964335681167f0ff6dc915f07ca47d61aeb8108f7a12c3900442834fc409e0f9fec162693b9bee5fb6974dc69146e97e39f413b45a71e761aa45240be5efea756e0b09137f652f8409b2c8cf393a0e8dd0c7f7c74c1fcf3a75a0d875d8a2ca72e0ad52d55d8fa56a144aa9c21515a4fbfdc9561d8d162762bb83dd7d36fc7b4a1290bd0a64317b9de3597496ef4cbd8339b02f3ef8953592ef281ba853abbb094b919d9d6c585a0bc57e3d4e4d09ebd2ec5bcf6c752ecc", 0x209}], 0x0, 0x24)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x400, 0x4)
ioctl$NBD_DO_IT(r0, 0xab03)

04:56:02 executing program 0:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
socket$inet6(0xa, 0x3, 0x13ab)

04:56:02 executing program 2:
syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x9cca, 0x80)
r0 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0xff, 0x10000)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f0000000200)=0x1c, 0x80000)
clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0)
sysinfo(&(0x7f0000000000)=""/248)
r1 = socket$inet(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags})
write$rfkill(r2, &(0x7f0000000100)={0x3, 0x1, 0x2, 0x1}, 0x8)
syz_open_dev$radio(&(0x7f0000000340)='/dev/radio#\x00', 0x0, 0x2)

04:56:02 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

[  213.981910] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  213.999753] BFS-fs: bfs_fill_super(): Last block not available: 6593261
04:56:02 executing program 2:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
socket$inet6(0xa, 0x3, 0x13ab)

04:56:02 executing program 3:
syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000", 0x5a, 0x1a0}])

04:56:02 executing program 4:
socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0))
getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040)
ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040))
mkdir(&(0x7f00000013c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5)
r2 = getpgrp(0xffffffffffffffff)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"])
syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000})
socket$inet6(0xa, 0x3, 0x13ab)

04:56:02 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:02 executing program 1:
r0 = socket$inet6(0xa, 0x10400000000001, 0xffffffffffffffff)
close(r0)
r1 = socket$netlink(0x10, 0x3, 0x400000000000a)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$setstatus(r1, 0x4, 0x2000)
ftruncate(r2, 0x200004)
sendfile(r0, r2, 0x0, 0x80003f000002)

04:56:02 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0))
ptrace(0x4206, r0)
rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a})
wait4(0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0)

04:56:02 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x0, 0x2)
ioctl$KDSKBLED(r1, 0x4b65, 0x2)
r2 = getpgid(0x0)
perf_event_open(&(0x7f0000000300)={0x7, 0x70, 0x100000001, 0x6, 0xe37, 0x3, 0x0, 0x3, 0x4, 0xc, 0x9000000000, 0xffffffff, 0x7, 0x5, 0x5, 0xfffffffffffffff8, 0x5, 0x1, 0x200, 0x4, 0x0, 0x401, 0xd335, 0x9, 0x0, 0x10000, 0x2f, 0x9f, 0x1, 0xda05, 0x386b, 0x9, 0x2, 0x2, 0xfc, 0x3, 0x80, 0x2ce, 0x0, 0x8001, 0x4, @perf_config_ext={0x7, 0xffffffffffffff7f}, 0x1000, 0x8, 0x6, 0x5, 0x6, 0x6, 0x1f}, r2, 0x6, r1, 0x2)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000240)={<r3=>0x0, 0x10}, &(0x7f0000000280)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r3, 0x0, 0x30}, 0xc)
r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0)
connect$unix(r4, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
mkdir(&(0x7f00000012c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffdfffff, @perf_config_ext={0xffffffffffffffff}, 0xa00000000, 0x0, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCSISO7816(r4, 0xc0285443, &(0x7f00000001c0)={0x4, 0x4, 0x800, 0x800, 0x4})
ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000200)=0x1)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000))

[  214.256298] overlayfs: missing 'lowerdir'
[  214.275011] audit: type=1400 audit(1556168162.576:56): avc:  denied  { create } for  pid=8504 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
[  214.291397] overlayfs: failed to resolve './file1': -2
[  214.339113] overlayfs: missing 'lowerdir'
[  214.347095] overlayfs: failed to resolve './file1': -2
04:56:02 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, 0x0)
open(0x0, 0x400, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
mkdir(&(0x7f0000001c40)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0)
r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1)
fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1})
unshare(0x34040006)
ftruncate(r1, 0x39)
dup2(r0, r1)
msgget(0xffffffffffffffff, 0x0)

[  214.425473] overlayfs: missing 'lowerdir'
[  214.436653] overlayfs: failed to resolve './file1': -2
[  427.991325] INFO: task syz-executor.5:7069 blocked for more than 140 seconds.
[  427.998728]       Not tainted 4.14.113 #3
[  428.003418] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.011465] syz-executor.5  D24992  7069      1 0x00000004
[  428.017233] Call Trace:
[  428.019823]  __schedule+0x7be/0x1cf0
[  428.023645]  ? __mutex_lock+0x737/0x1470
[  428.027745]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.032903]  schedule+0x92/0x1c0
[  428.036365]  schedule_preempt_disabled+0x13/0x20
[  428.041432]  __mutex_lock+0x73c/0x1470
[  428.045335]  ? trace_hardirqs_on+0x10/0x10
[  428.049724]  ? lo_release+0x84/0x1b0
[  428.053534]  ? save_trace+0x280/0x290
[  428.057342]  ? mutex_trylock+0x1c0/0x1c0
[  428.061485]  ? __blkdev_put+0x397/0x7f0
[  428.066223]  ? find_held_lock+0x35/0x130
[  428.070475]  ? __blkdev_put+0x397/0x7f0
[  428.074463]  ? loop_clr_fd+0xae0/0xae0
[  428.078350]  mutex_lock_nested+0x16/0x20
[  428.082513]  ? mutex_lock_nested+0x16/0x20
[  428.086775]  lo_release+0x84/0x1b0
[  428.090396]  ? loop_clr_fd+0xae0/0xae0
[  428.094353]  __blkdev_put+0x436/0x7f0
[  428.098160]  ? bd_set_size+0xb0/0xb0
[  428.102025]  ? wait_for_completion+0x420/0x420
[  428.106694]  blkdev_put+0x88/0x510
[  428.110329]  ? fcntl_setlk+0xb90/0xb90
[  428.114241]  ? blkdev_put+0x510/0x510
[  428.118093]  blkdev_close+0x8b/0xb0
[  428.121946]  __fput+0x277/0x7a0
[  428.125811]  ____fput+0x16/0x20
[  428.129101]  task_work_run+0x119/0x190
[  428.133103]  exit_to_usermode_loop+0x1da/0x220
[  428.137717]  do_syscall_64+0x4a9/0x630
[  428.142424]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.147309]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.152616] RIP: 0033:0x412b30
[  428.155897] RSP: 002b:00007ffcb4c50128 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  428.163686] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000412b30
[  428.171035] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[  428.178368] RBP: 0000000000000092 R08: 0000000000000000 R09: 000000000000000a
[  428.185731] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.193059] R13: 00007ffcb4c50160 R14: 00000000000344ab R15: 00007ffcb4c50170
[  428.200471] INFO: task syz-executor.1:7073 blocked for more than 140 seconds.
[  428.207750]       Not tainted 4.14.113 #3
[  428.211964] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.219957] syz-executor.1  D24992  7073      1 0x00000004
[  428.225801] Call Trace:
[  428.228403]  __schedule+0x7be/0x1cf0
[  428.232280]  ? __mutex_lock+0x737/0x1470
[  428.236352]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.241462]  schedule+0x92/0x1c0
[  428.244934]  schedule_preempt_disabled+0x13/0x20
[  428.249694]  __mutex_lock+0x73c/0x1470
[  428.253666]  ? __mutex_unlock_slowpath+0x71/0x800
[  428.258622]  ? __blkdev_get+0x145/0x1120
[  428.262783]  ? mutex_trylock+0x1c0/0x1c0
[  428.267019]  ? exact_match+0xd/0x20
[  428.270702]  ? kobj_lookup+0x319/0x410
[  428.274597]  ? blkdev_ioctl+0x1880/0x1880
[  428.278744]  mutex_lock_nested+0x16/0x20
[  428.282869]  ? mutex_lock_nested+0x16/0x20
[  428.287108]  __blkdev_get+0x145/0x1120
[  428.291082]  ? __blkdev_put+0x7f0/0x7f0
[  428.295072]  ? bd_acquire+0x178/0x2c0
[  428.298866]  ? find_held_lock+0x35/0x130
[  428.303027]  blkdev_get+0xa8/0x8e0
[  428.306597]  ? bd_may_claim+0xd0/0xd0
[  428.310497]  ? _raw_spin_unlock+0x2d/0x50
[  428.314661]  blkdev_open+0x1d1/0x260
[  428.318372]  ? security_file_open+0x8f/0x1a0
[  428.322873]  do_dentry_open+0x73e/0xeb0
[  428.326876]  ? bd_acquire+0x2c0/0x2c0
[  428.330759]  vfs_open+0x105/0x230
[  428.334227]  path_openat+0x8bd/0x3f70
[  428.338028]  ? trace_hardirqs_on+0x10/0x10
[  428.342352]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  428.347096]  ? find_held_lock+0x35/0x130
[  428.351280]  ? __alloc_fd+0x1d4/0x4a0
[  428.355718]  do_filp_open+0x18e/0x250
[  428.359624]  ? may_open_dev+0xe0/0xe0
[  428.363506]  ? _raw_spin_unlock+0x2d/0x50
[  428.367700]  ? __alloc_fd+0x1d4/0x4a0
[  428.371574]  do_sys_open+0x2c5/0x430
[  428.375297]  ? filp_open+0x70/0x70
[  428.378823]  SyS_open+0x2d/0x40
[  428.382193]  ? do_sys_open+0x430/0x430
[  428.386088]  do_syscall_64+0x1eb/0x630
[  428.389965]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.394966]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.400214] RIP: 0033:0x412d10
[  428.403399] RSP: 002b:00007ffc292eb888 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  428.411182] RAX: ffffffffffffffda RBX: 0000000000034593 RCX: 0000000000412d10
[  428.418525] RDX: 00007ffc292eb91a RSI: 0000000000000002 RDI: 00007ffc292eb910
[  428.425898] RBP: 000000000000009e R08: 0000000000000000 R09: 000000000000000a
[  428.433234] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.440579] R13: 00007ffc292eb8c0 R14: 0000000000034571 R15: 00007ffc292eb8d0
[  428.448024] INFO: task syz-executor.0:8494 blocked for more than 140 seconds.
[  428.455553]       Not tainted 4.14.113 #3
[  428.459699] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.467750] syz-executor.0  D29344  8494   7068 0x00000004
[  428.473507] Call Trace:
[  428.476100]  __schedule+0x7be/0x1cf0
[  428.479797]  ? __mutex_lock+0x737/0x1470
[  428.484050]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.489136]  schedule+0x92/0x1c0
[  428.492559]  schedule_preempt_disabled+0x13/0x20
[  428.497313]  __mutex_lock+0x73c/0x1470
[  428.501259]  ? blkdev_put+0x2b/0x510
[  428.504979]  ? loop_probe+0x160/0x160
[  428.508764]  ? mutex_trylock+0x1c0/0x1c0
[  428.512962]  ? blkdev_ioctl+0x10e/0x1880
[  428.517026]  ? fsnotify+0x933/0x11e0
[  428.520805]  ? blkdev_put+0x510/0x510
[  428.524611]  mutex_lock_nested+0x16/0x20
[  428.528650]  ? mutex_lock_nested+0x16/0x20
[  428.532945]  blkdev_put+0x2b/0x510
[  428.536548]  ? fcntl_setlk+0xb90/0xb90
[  428.540490]  ? blkdev_put+0x510/0x510
[  428.544297]  blkdev_close+0x8b/0xb0
[  428.547991]  __fput+0x277/0x7a0
[  428.551378]  ____fput+0x16/0x20
[  428.554667]  task_work_run+0x119/0x190
[  428.558547]  exit_to_usermode_loop+0x1da/0x220
[  428.563247]  do_syscall_64+0x4a9/0x630
[  428.567134]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.572016]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.577305] RIP: 0033:0x412b51
[  428.580528] RSP: 002b:00007f78c436ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  428.588235] RAX: 0000000000000000 RBX: 00007f78c436d6d4 RCX: 0000000000412b51
[  428.595581] RDX: 0000000000000008 RSI: 0000000000004c00 RDI: 0000000000000009
[  428.602876] RBP: 0000000000000009 R08: 0000000000000000 R09: 000000000000000a
[  428.610189] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000008
[  428.617459] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff
[  428.624829] INFO: task syz-executor.2:8501 blocked for more than 140 seconds.
[  428.632179]       Not tainted 4.14.113 #3
[  428.636318] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.644480] syz-executor.2  D28304  8501   7072 0x00000004
[  428.650148] Call Trace:
[  428.652725]  __schedule+0x7be/0x1cf0
[  428.656523]  ? __mutex_lock+0x737/0x1470
[  428.660636]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.665655]  schedule+0x92/0x1c0
[  428.669000]  schedule_preempt_disabled+0x13/0x20
[  428.673788]  __mutex_lock+0x73c/0x1470
[  428.677680]  ? lo_ioctl+0x87/0x1c70
[  428.681341]  ? lock_downgrade+0x6d0/0x6e0
[  428.685498]  ? mutex_trylock+0x1c0/0x1c0
[  428.689665]  ? avc_has_extended_perms+0x8ec/0xe40
[  428.694546]  ? putname+0xdb/0x120
[  428.698001]  ? avc_ss_reset+0x110/0x110
[  428.702151]  ? kasan_slab_free+0x75/0xc0
[  428.706262]  mutex_lock_nested+0x16/0x20
[  428.710396]  ? mutex_lock_nested+0x16/0x20
[  428.714688]  lo_ioctl+0x87/0x1c70
[  428.718127]  ? loop_probe+0x160/0x160
[  428.721968]  blkdev_ioctl+0x983/0x1880
[  428.725855]  ? blkpg_ioctl+0x980/0x980
[  428.729788]  ? __might_sleep+0x93/0xb0
[  428.733771]  ? __fget+0x210/0x370
[  428.737254]  block_ioctl+0xde/0x120
[  428.741081]  ? blkdev_fallocate+0x3b0/0x3b0
[  428.745407]  do_vfs_ioctl+0x7b9/0x1070
[  428.749277]  ? selinux_file_mprotect+0x5d0/0x5d0
[  428.754077]  ? lock_downgrade+0x6e0/0x6e0
[  428.758226]  ? ioctl_preallocate+0x1c0/0x1c0
[  428.762666]  ? __fget+0x237/0x370
[  428.766125]  ? security_file_ioctl+0x8f/0xc0
[  428.770592]  SyS_ioctl+0x8f/0xc0
[  428.773969]  ? do_vfs_ioctl+0x1070/0x1070
[  428.778117]  do_syscall_64+0x1eb/0x630
[  428.782038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.786934]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.792164] RIP: 0033:0x458c07
[  428.795350] RSP: 002b:00007f5f7d267a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  428.803133] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458c07
[  428.810427] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008
[  428.817689] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a
[  428.825002] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007
[  428.832299] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff
[  428.839576] INFO: task syz-executor.3:8490 blocked for more than 140 seconds.
[  428.846905]       Not tainted 4.14.113 #3
[  428.851056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.859015] syz-executor.3  D26960  8490   7071 0x00000004
[  428.864694] Call Trace:
[  428.867272]  __schedule+0x7be/0x1cf0
[  428.871149]  ? __mutex_lock+0x737/0x1470
[  428.875210]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.880276]  schedule+0x92/0x1c0
[  428.883721]  schedule_preempt_disabled+0x13/0x20
[  428.888462]  __mutex_lock+0x73c/0x1470
[  428.892404]  ? blkdev_reread_part+0x1f/0x40
[  428.896724]  ? mutex_trylock+0x1c0/0x1c0
[  428.900844]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  428.905947]  ? __wake_up_common_lock+0xe3/0x160
[  428.910699]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  428.915814]  mutex_lock_nested+0x16/0x20
[  428.919873]  ? mutex_lock_nested+0x16/0x20
[  428.924193]  blkdev_reread_part+0x1f/0x40
[  428.928365]  loop_reread_partitions+0x7c/0x90
[  428.932913]  loop_clr_fd+0x844/0xae0
[  428.936632]  lo_ioctl+0x8d0/0x1c70
[  428.940319]  ? __check_object_size+0x12a/0x2ab
[  428.944913]  ? loop_probe+0x160/0x160
[  428.948704]  blkdev_ioctl+0x983/0x1880
[  428.952660]  ? blkpg_ioctl+0x980/0x980
[  428.956551]  ? lock_downgrade+0x6e0/0x6e0
[  428.960760]  ? __might_sleep+0x93/0xb0
[  428.964645]  ? __fget+0x210/0x370
[  428.968094]  block_ioctl+0xde/0x120
[  428.971794]  ? blkdev_fallocate+0x3b0/0x3b0
[  428.976171]  do_vfs_ioctl+0x7b9/0x1070
[  428.980140]  ? selinux_file_mprotect+0x5d0/0x5d0
[  428.984894]  ? lock_downgrade+0x6e0/0x6e0
[  428.989027]  ? ioctl_preallocate+0x1c0/0x1c0
[  428.993508]  ? __fget+0x237/0x370
[  428.997090]  ? security_file_ioctl+0x8f/0xc0
[  429.001571]  SyS_ioctl+0x8f/0xc0
[  429.004985]  ? do_vfs_ioctl+0x1070/0x1070
[  429.009132]  do_syscall_64+0x1eb/0x630
[  429.013091]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.017980]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.023331] RIP: 0033:0x458c07
[  429.026526] RSP: 002b:00007f975c5539f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.034354] RAX: ffffffffffffffda RBX: 00007f975c5546d4 RCX: 0000000000458c07
[  429.041673] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004
[  429.048949] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000c
[  429.056288] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000003
[  429.063604] R13: 0000000000000000 R14: 0000000000000004 R15: 0000000000000004
[  429.070963] INFO: task blkid:8495 blocked for more than 140 seconds.
[  429.077455]       Not tainted 4.14.113 #3
[  429.081645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.089796] blkid           D28512  8495   7032 0x00000004
[  429.095514] Call Trace:
[  429.098110]  __schedule+0x7be/0x1cf0
[  429.101875]  ? __mutex_lock+0x737/0x1470
[  429.105934]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.111487]  schedule+0x92/0x1c0
[  429.114846]  schedule_preempt_disabled+0x13/0x20
[  429.119595]  __mutex_lock+0x73c/0x1470
[  429.123565]  ? lo_release+0x1e/0x1b0
[  429.127290]  ? mutex_trylock+0x1c0/0x1c0
[  429.131416]  ? blkdev_put+0x7b/0x510
[  429.135205]  ? blkdev_put+0x7b/0x510
[  429.138908]  ? loop_clr_fd+0xae0/0xae0
[  429.142938]  mutex_lock_nested+0x16/0x20
[  429.147003]  ? mutex_lock_nested+0x16/0x20
[  429.151301]  lo_release+0x1e/0x1b0
[  429.154850]  ? loop_clr_fd+0xae0/0xae0
[  429.158721]  __blkdev_put+0x436/0x7f0
[  429.162595]  ? bd_set_size+0xb0/0xb0
[  429.166382]  ? wait_for_completion+0x420/0x420
[  429.171026]  blkdev_put+0x88/0x510
[  429.174599]  ? fcntl_setlk+0xb90/0xb90
[  429.178470]  ? blkdev_put+0x510/0x510
[  429.182355]  blkdev_close+0x8b/0xb0
[  429.185986]  __fput+0x277/0x7a0
[  429.189260]  ____fput+0x16/0x20
[  429.192597]  task_work_run+0x119/0x190
[  429.196491]  exit_to_usermode_loop+0x1da/0x220
[  429.201143]  do_syscall_64+0x4a9/0x630
[  429.205032]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.210138]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.215335] RIP: 0033:0x7fbc7e9382b0
[  429.219288] RSP: 002b:00007ffd055ad058 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  429.227108] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbc7e9382b0
[  429.234474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  429.241786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  429.249048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001796030
[  429.256357] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005
[  429.263675] INFO: task syz-executor.4:8505 blocked for more than 140 seconds.
[  429.271288]       Not tainted 4.14.113 #3
[  429.275431] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.283422] syz-executor.4  D28256  8505   7070 0x00000004
[  429.295251] Call Trace:
[  429.297835]  __schedule+0x7be/0x1cf0
[  429.301570]  ? __mutex_lock+0x737/0x1470
[  429.305628]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.310705]  schedule+0x92/0x1c0
[  429.314469]  schedule_preempt_disabled+0x13/0x20
[  429.319203]  __mutex_lock+0x73c/0x1470
[  429.323141]  ? lo_ioctl+0x87/0x1c70
[  429.326770]  ? lock_downgrade+0x6d0/0x6e0
[  429.330965]  ? mutex_trylock+0x1c0/0x1c0
[  429.335224]  ? avc_has_extended_perms+0x8ec/0xe40
[  429.340117]  ? is_bpf_text_address+0xa6/0x120
[  429.344614]  ? kernel_text_address+0x73/0xf0
[  429.349011]  ? __unwind_start+0x1f6/0x3d0
[  429.353214]  ? avc_ss_reset+0x110/0x110
[  429.357194]  mutex_lock_nested+0x16/0x20
[  429.361277]  ? mutex_lock_nested+0x16/0x20
[  429.365511]  lo_ioctl+0x87/0x1c70
[  429.369011]  ? retint_kernel+0x2d/0x2d
[  429.372958]  ? loop_probe+0x160/0x160
[  429.376829]  blkdev_ioctl+0x983/0x1880
[  429.380749]  ? blkpg_ioctl+0x980/0x980
[  429.384701]  ? check_preemption_disabled+0x3c/0x250
[  429.389770]  ? retint_kernel+0x2d/0x2d
[  429.393703]  block_ioctl+0xde/0x120
[  429.397330]  ? blkdev_fallocate+0x3b0/0x3b0
[  429.401676]  do_vfs_ioctl+0x7b9/0x1070
[  429.405572]  ? selinux_file_mprotect+0x5d0/0x5d0
[  429.410373]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  429.415140]  ? ioctl_preallocate+0x1c0/0x1c0
[  429.419532]  ? check_preemption_disabled+0x3c/0x250
[  429.424695]  ? retint_kernel+0x2d/0x2d
[  429.428603]  ? security_file_ioctl+0x8f/0xc0
[  429.433233]  SyS_ioctl+0x8f/0xc0
[  429.436609]  ? do_vfs_ioctl+0x1070/0x1070
[  429.440813]  do_syscall_64+0x1eb/0x630
[  429.444704]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.449599]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.454869] RIP: 0033:0x458c07
[  429.458126] RSP: 002b:00007fb9e23ada88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.465908] RAX: ffffffffffffffda RBX: 00007fb9e23adb40 RCX: 0000000000458c07
[  429.473334] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000007
[  429.480676] RBP: 0000000000000000 R08: 00007fb9e23adb40 R09: 00007fb9e23adae0
[  429.488003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  429.495378] R13: 00000000004c7833 R14: 00000000004dd848 R15: 00000000ffffffff
[  429.503399] INFO: task syz-executor.4:8512 blocked for more than 140 seconds.
[  429.510801]       Not tainted 4.14.113 #3
[  429.514957] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.523024] syz-executor.4  D29152  8512   7070 0x00000004
[  429.528865] Call Trace:
[  429.531515]  __schedule+0x7be/0x1cf0
[  429.535233]  ? __mutex_lock+0x737/0x1470
[  429.539293]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.544421]  schedule+0x92/0x1c0
[  429.547863]  schedule_preempt_disabled+0x13/0x20
[  429.552761]  __mutex_lock+0x73c/0x1470
[  429.556699]  ? lo_open+0x1d/0xb0
[  429.560134]  ? refcount_inc_not_zero+0x50/0xe0
[  429.564736]  ? mutex_trylock+0x1c0/0x1c0
[  429.568866]  ? exact_match+0xd/0x20
[  429.572593]  ? kobj_lookup+0x319/0x410
[  429.576486]  ? loop_unregister_transfer+0x90/0x90
[  429.581390]  mutex_lock_nested+0x16/0x20
[  429.585458]  ? mutex_lock_nested+0x16/0x20
[  429.589681]  lo_open+0x1d/0xb0
[  429.593029]  __blkdev_get+0xab1/0x1120
[  429.596917]  ? __blkdev_put+0x7f0/0x7f0
[  429.600957]  ? bd_acquire+0x178/0x2c0
[  429.604775]  ? find_held_lock+0x35/0x130
[  429.608836]  blkdev_get+0xa8/0x8e0
[  429.612463]  ? bd_may_claim+0xd0/0xd0
[  429.616277]  ? _raw_spin_unlock+0x2d/0x50
[  429.620483]  blkdev_open+0x1d1/0x260
[  429.624214]  ? security_file_open+0x8f/0x1a0
[  429.628655]  do_dentry_open+0x73e/0xeb0
[  429.632697]  ? bd_acquire+0x2c0/0x2c0
[  429.636511]  vfs_open+0x105/0x230
[  429.640146]  path_openat+0x8bd/0x3f70
[  429.643961]  ? trace_hardirqs_on+0x10/0x10
[  429.648255]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  429.653109]  ? find_held_lock+0x35/0x130
[  429.657175]  ? __alloc_fd+0x1d4/0x4a0
[  429.661023]  do_filp_open+0x18e/0x250
[  429.664823]  ? may_open_dev+0xe0/0xe0
[  429.668735]  ? _raw_spin_unlock+0x2d/0x50
[  429.673161]  ? __alloc_fd+0x1d4/0x4a0
[  429.676977]  do_sys_open+0x2c5/0x430
[  429.680740]  ? filp_open+0x70/0x70
[  429.684288]  ? do_sys_ftruncate.constprop.0+0x370/0x490
[  429.689661]  SyS_open+0x2d/0x40
[  429.693041]  ? do_sys_open+0x430/0x430
[  429.696982]  do_syscall_64+0x1eb/0x630
[  429.701036]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.705966]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.711239] RIP: 0033:0x412d31
[  429.714425] RSP: 002b:00007fb9e238ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  429.722225] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412d31
[  429.729565] RDX: 00007fb9e238cb0a RSI: 0000000000000002 RDI: 00007fb9e238cb00
[  429.737024] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a
[  429.744346] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000008
[  429.751683] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff
[  429.758986] INFO: task blkid:8502 blocked for more than 140 seconds.
[  429.765544]       Not tainted 4.14.113 #3
[  429.769784] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.777844] blkid           D28496  8502   7195 0x00000004
[  429.783572] Call Trace:
[  429.786264]  __schedule+0x7be/0x1cf0
[  429.789966]  ? __mutex_lock+0x737/0x1470
[  429.794118]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.799152]  schedule+0x92/0x1c0
[  429.802579]  schedule_preempt_disabled+0x13/0x20
[  429.807355]  __mutex_lock+0x73c/0x1470
[  429.811315]  ? lo_ioctl+0x87/0x1c70
[  429.814950]  ? lock_downgrade+0x6d0/0x6e0
[  429.819095]  ? mutex_trylock+0x1c0/0x1c0
[  429.823282]  ? avc_has_extended_perms+0x8ec/0xe40
[  429.828250]  ? __might_fault+0x110/0x1d0
[  429.832432]  ? avc_ss_reset+0x110/0x110
[  429.836434]  mutex_lock_nested+0x16/0x20
[  429.840581]  ? mutex_lock_nested+0x16/0x20
[  429.844834]  lo_ioctl+0x87/0x1c70
[  429.848286]  ? loop_probe+0x160/0x160
[  429.852158]  blkdev_ioctl+0x983/0x1880
[  429.856049]  ? blkpg_ioctl+0x980/0x980
[  429.859950]  ? __might_sleep+0x93/0xb0
[  429.863951]  ? save_trace+0x290/0x290
[  429.867791]  block_ioctl+0xde/0x120
[  429.871516]  ? blkdev_fallocate+0x3b0/0x3b0
[  429.875869]  do_vfs_ioctl+0x7b9/0x1070
[  429.879789]  ? selinux_file_mprotect+0x5d0/0x5d0
[  429.884630]  ? ioctl_preallocate+0x1c0/0x1c0
[  429.889048]  ? lock_downgrade+0x6e0/0x6e0
[  429.893281]  ? security_file_ioctl+0x83/0xc0
[  429.897696]  ? security_file_ioctl+0x8f/0xc0
[  429.902190]  SyS_ioctl+0x8f/0xc0
[  429.905558]  ? do_vfs_ioctl+0x1070/0x1070
[  429.909699]  do_syscall_64+0x1eb/0x630
[  429.913645]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.918502]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.923750] RIP: 0033:0x7fc8a67bc347
[  429.927460] RSP: 002b:00007ffea3e2b5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.935298] RAX: ffffffffffffffda RBX: 0000000002312030 RCX: 00007fc8a67bc347
[  429.942612] RDX: 0000000000000000 RSI: 0000000000005331 RDI: 0000000000000003
[  429.949888] RBP: 0000000000000003 R08: 00007fc8a6a6c5a0 R09: 0000000000000008
[  429.957344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  429.964666] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005
[  429.972021] INFO: task blkid:8507 blocked for more than 140 seconds.
[  429.978515]       Not tainted 4.14.113 #3
[  429.982705] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.990723] blkid           D28512  8507   7278 0x00000004
[  429.996367] Call Trace:
[  429.998952]  __schedule+0x7be/0x1cf0
[  430.002747]  ? __mutex_lock+0x737/0x1470
[  430.006855]  ? pci_mmcfg_check_reserved+0x150/0x150
[  430.011929]  schedule+0x92/0x1c0
[  430.015398]  schedule_preempt_disabled+0x13/0x20
[  430.020221]  __mutex_lock+0x73c/0x1470
[  430.024133]  ? trace_hardirqs_on+0x10/0x10
[  430.028367]  ? lo_release+0x1e/0x1b0
[  430.032165]  ? save_trace+0x280/0x290
[  430.035964]  ? mutex_trylock+0x1c0/0x1c0
[  430.040109]  ? __blkdev_put+0x397/0x7f0
[  430.044101]  ? find_held_lock+0x35/0x130
[  430.048159]  ? __blkdev_put+0x397/0x7f0
[  430.052221]  ? loop_clr_fd+0xae0/0xae0
[  430.056122]  mutex_lock_nested+0x16/0x20
[  430.060278]  ? mutex_lock_nested+0x16/0x20
[  430.064563]  lo_release+0x1e/0x1b0
[  430.068097]  ? loop_clr_fd+0xae0/0xae0
[  430.072161]  __blkdev_put+0x436/0x7f0
[  430.075966]  ? bd_set_size+0xb0/0xb0
[  430.079666]  ? wait_for_completion+0x420/0x420
[  430.084321]  blkdev_put+0x88/0x510
[  430.087866]  ? fcntl_setlk+0xb90/0xb90
[  430.091890]  ? blkdev_put+0x510/0x510
[  430.095699]  blkdev_close+0x8b/0xb0
[  430.099324]  __fput+0x277/0x7a0
[  430.102689]  ____fput+0x16/0x20
[  430.105974]  task_work_run+0x119/0x190
[  430.109853]  exit_to_usermode_loop+0x1da/0x220
[  430.114527]  do_syscall_64+0x4a9/0x630
[  430.118508]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  430.123482]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  430.128721] RIP: 0033:0x7efd8c8882b0
[  430.132482] RSP: 002b:00007ffe51131498 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  430.140251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efd8c8882b0
[  430.147543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  430.155035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  430.162370] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000155d030
[  430.169729] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005
[  430.177172] 
[  430.177172] Showing all locks held in the system:
[  430.183614] 1 lock held by khungtaskd/1007:
[  430.188061]  #0:  (tasklist_lock){.+.+}, at: [<ffffffff81486f98>] debug_show_all_locks+0x7f/0x21f
[  430.197227] 2 locks held by getty/7024:
[  430.201334]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.210160]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.219572] 2 locks held by getty/7025:
[  430.223781]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.232541]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.241916] 2 locks held by getty/7026:
[  430.245887]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.254703]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.271377] 2 locks held by getty/7027:
[  430.275336]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.284101]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.293475] 2 locks held by getty/7028:
[  430.297435]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.306205]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.315611] 2 locks held by getty/7029:
[  430.319573]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.328334]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.337887] 2 locks held by getty/7030:
[  430.341939]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.350860]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.360287] 3 locks held by syz-executor.5/7069:
[  430.365138]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a7936>] __blkdev_put+0xa6/0x7f0
[  430.373716]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373b1ee>] lo_release+0x1e/0x1b0
[  430.382247]  #2:  (loop_ctl_mutex#2){+.+.}, at: [<ffffffff8373b254>] lo_release+0x84/0x1b0
[  430.390768] 1 lock held by syz-executor.1/7073:
[  430.395506]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.404281] 1 lock held by syz-executor.0/8494:
[  430.408950]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a91cb>] blkdev_put+0x2b/0x510
[  430.417391] 1 lock held by syz-executor.2/8501:
[  430.422114]  #0:  (loop_ctl_mutex/1){+.+.}, at: [<ffffffff8373cec7>] lo_ioctl+0x87/0x1c70
[  430.430546] 2 locks held by syz-executor.3/8490:
[  430.435309]  #0:  (loop_ctl_mutex/1){+.+.}, at: [<ffffffff8373cec7>] lo_ioctl+0x87/0x1c70
[  430.443702]  #1:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff82caa54f>] blkdev_reread_part+0x1f/0x40
[  430.452732] 2 locks held by blkid/8495:
[  430.456703]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a7936>] __blkdev_put+0xa6/0x7f0
[  430.465299]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373b1ee>] lo_release+0x1e/0x1b0
[  430.473904] 1 lock held by syz-executor.4/8505:
[  430.478629]  #0:  (loop_ctl_mutex/1){+.+.}, at: [<ffffffff8373cec7>] lo_ioctl+0x87/0x1c70
[  430.487044] 2 locks held by syz-executor.4/8512:
[  430.491995]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.500950]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.509281] 1 lock held by blkid/8502:
[  430.513233]  #0:  (loop_ctl_mutex/1){+.+.}, at: [<ffffffff8373cec7>] lo_ioctl+0x87/0x1c70
[  430.521712] 2 locks held by blkid/8507:
[  430.525732]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a7936>] __blkdev_put+0xa6/0x7f0
[  430.534537]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373b1ee>] lo_release+0x1e/0x1b0
[  430.543103] 1 lock held by blkid/8515:
[  430.547055]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.556231] 2 locks held by blkid/8516:
[  430.560246]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.568946]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.577109] 1 lock held by blkid/8517:
[  430.581105]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.589805] 
[  430.591525] =============================================
[  430.591525] 
[  430.598602] NMI backtrace for cpu 1
[  430.602315] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3
[  430.608891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.618240] Call Trace:
[  430.620842]  dump_stack+0x138/0x19c
[  430.624479]  nmi_cpu_backtrace.cold+0x57/0x94
[  430.628987]  ? irq_force_complete_move.cold+0x7d/0x7d
[  430.634189]  nmi_trigger_cpumask_backtrace+0x141/0x189
[  430.639462]  arch_trigger_cpumask_backtrace+0x14/0x20
[  430.644668]  watchdog+0x5e7/0xb90
[  430.648141]  kthread+0x31c/0x430
[  430.651511]  ? hungtask_pm_notify+0x60/0x60
[  430.655819]  ? kthread_create_on_node+0xd0/0xd0
[  430.660572]  ret_from_fork+0x3a/0x50
[  430.664449] Sending NMI from CPU 1 to CPUs 0:
[  430.669322] NMI backtrace for cpu 0
[  430.669326] CPU: 0 PID: 2300 Comm: kworker/u4:5 Not tainted 4.14.113 #3
[  430.669331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.669334] Workqueue: bat_events batadv_purge_orig
[  430.669339] task: ffff8880a1abe540 task.stack: ffff8880a1ad0000
[  430.669342] RIP: 0010:__lock_acquire+0x203/0x45e0
[  430.669345] RSP: 0018:ffff8880a1ad7a30 EFLAGS: 00000046
[  430.669350] RAX: ffffffff88d33700 RBX: 0000000000000000 RCX: 0000000000000000
[  430.669354] RDX: 1ffff1100cc5d000 RSI: 0000000000000000 RDI: ffff8880662e8000
[  430.669357] RBP: ffff8880a1ad7bd8 R08: 0000000000000001 R09: 0000000000000000
[  430.669361] R10: 0000000000000000 R11: ffff8880a1abe540 R12: ffff8880662e7ff8
[  430.669364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  430.669368] FS:  0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[  430.669371] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  430.669375] CR2: 00007fcc6b7f3000 CR3: 00000000a5b13000 CR4: 00000000001406f0
[  430.669378] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  430.669382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  430.669384] Call Trace:
[  430.669386]  ? save_trace+0x290/0x290
[  430.669389]  ? lock_downgrade+0x6e0/0x6e0
[  430.669392]  ? trace_hardirqs_on+0x10/0x10
[  430.669394]  ? trace_hardirqs_on+0x10/0x10
[  430.669397]  ? save_trace+0x290/0x290
[  430.669399]  ? debug_object_deactivate+0x1cc/0x350
[  430.669402]  ? _batadv_purge_orig+0x9cc/0xf70
[  430.669405]  ? find_held_lock+0x35/0x130
[  430.669407]  lock_acquire+0x16f/0x430
[  430.669410]  ? _batadv_purge_orig+0x11e/0xf70
[  430.669412]  _raw_spin_lock_bh+0x33/0x50
[  430.669415]  ? _batadv_purge_orig+0x11e/0xf70
[  430.669418]  _batadv_purge_orig+0x11e/0xf70
[  430.669421]  ? check_preemption_disabled+0x3c/0x250
[  430.669423]  batadv_purge_orig+0x1b/0x70
[  430.669426]  process_one_work+0x868/0x1610
[  430.669429]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[  430.669431]  worker_thread+0x5d9/0x1050
[  430.669433]  kthread+0x31c/0x430
[  430.669436]  ? process_one_work+0x1610/0x1610
[  430.669439]  ? kthread_create_on_node+0xd0/0xd0
[  430.669441]  ret_from_fork+0x3a/0x50
[  430.669443] Code: ff ff ff 48 b8 00 00 00 00 00 fc ff df 41 89 f5 4b 8d 7c ec 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 63 2e 00 00 4b 8b 44 ec 08 <48> 85 c0 0f 84 15 ff ff ff f0 ff 80 38 01 00 00 49 8d b3 78 08 
[  430.670641] Kernel panic - not syncing: hung_task: blocked tasks
[  430.903579] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3
[  430.910143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.919511] Call Trace:
[  430.922098]  dump_stack+0x138/0x19c
[  430.925727]  panic+0x1f2/0x438
[  430.928905]  ? add_taint.cold+0x16/0x16
[  430.932861]  ? ___preempt_schedule+0x16/0x18
[  430.937258]  watchdog+0x5f8/0xb90
[  430.940703]  kthread+0x31c/0x430
[  430.944054]  ? hungtask_pm_notify+0x60/0x60
[  430.948363]  ? kthread_create_on_node+0xd0/0xd0
[  430.953020]  ret_from_fork+0x3a/0x50
[  430.957813] Kernel Offset: disabled
[  430.961445] Rebooting in 86400 seconds..