[ 31.415380] kauditd_printk_skb: 9 callbacks suppressed [ 31.415388] audit: type=1800 audit(1556167979.716:33): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.442653] audit: type=1800 audit(1556167979.716:34): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.737709] random: sshd: uninitialized urandom read (32 bytes read) [ 35.922516] audit: type=1400 audit(1556167984.226:35): avc: denied { map } for pid=7037 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.972687] random: sshd: uninitialized urandom read (32 bytes read) [ 36.662784] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts. [ 42.491376] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/25 04:53:11 fuzzer started [ 42.687700] audit: type=1400 audit(1556167990.986:36): avc: denied { map } for pid=7046 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 44.649190] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/25 04:53:14 dialing manager at 10.128.0.105:35831 2019/04/25 04:53:14 syscalls: 2434 2019/04/25 04:53:14 code coverage: enabled 2019/04/25 04:53:14 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/25 04:53:14 extra coverage: extra coverage is not supported by the kernel 2019/04/25 04:53:14 setuid sandbox: enabled 2019/04/25 04:53:14 namespace sandbox: enabled 2019/04/25 04:53:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/25 04:53:14 fault injection: enabled 2019/04/25 04:53:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/25 04:53:14 net packet injection: enabled 2019/04/25 04:53:14 net device setup: enabled [ 46.845351] random: crng init done 04:55:26 executing program 5: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCNXCL(r0, 0x540d) prctl$PR_SET_FPEMU(0xa, 0x1) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000040)={0x8001, 0x87}) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000080)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x11c, r1, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x69bf65e6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd8a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x54, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffffffff121}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xce}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xda6}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4}, 0x4) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000340)={'filter\x00', 0x0, 0x0, 0x0, [], 0xa, &(0x7f0000000300)=[{}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x118) r2 = request_key(&(0x7f0000000480)='rxrpc\x00', &(0x7f00000004c0)={'syz', 0x2}, &(0x7f0000000500)='TIPCv2\x00', 0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000540)=""/161) getpeername$packet(r0, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000740)=0x14) getresuid(&(0x7f0000000780)=0x0, &(0x7f00000007c0), &(0x7f0000000800)=0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x11000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000840)=@updsa={0x180, 0x1a, 0x300, 0x70bd2a, 0x25dfdbfb, {{@in=@multicast1, @in=@rand_addr=0x3, 0x4e20, 0x5, 0x4e20, 0xfb87, 0x2, 0x80, 0x20, 0x7f, r3, r4}, {@in=@local, 0x4d4, 0x33}, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, {0x4, 0x1, 0xb3a4, 0x3, 0x3ad8b822, 0x3f, 0x4e2, 0x8}, {0x1000, 0xd62, 0x7ff, 0x10000}, {0x5, 0xffffffffffff7fff, 0x1}, 0x70bd29, 0x0, 0xa, 0x0, 0x4, 0x2}, [@migrate={0x30, 0x11, [{@in6=@mcast1, @in=@multicast1, 0x2b, 0x1, 0x0, 0x0, 0xa, 0xa}]}, @algo_comp={0x58, 0x3, {{'lzs\x00'}, 0x68, "4c378252d74feec8d89e6c86cf"}}, @output_mark={0x8, 0x1d, 0xffffffff}]}, 0x180}, 0x1, 0x0, 0x0, 0x800}, 0x4004) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000a80)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2080}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r6, 0x8, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$TIOCSIG(r0, 0x40045436, 0x4) keyctl$assume_authority(0x10, r2) vmsplice(r0, &(0x7f0000000e80)=[{&(0x7f0000000b80)="d726c52bde07a9f03ea61458361e910948245162015939715fa39798cf2f2020a801405aeb002718563e6287329bbf9c6bf40b4001b7daf43d6cd44bd2b44f6a0e17e17b7b9eae287f83ce1d8275d0f3e6edc87c989eab73603d6078d04dea058c744dd01ec2fecbbbb3f2cdd4e5bb064837871d6a076d", 0x77}, {&(0x7f0000000c00)="cfddbeaf5630cb2704e3e39a0e5a2581627ab75cbc93aa5c83090fd269fa83efefd0cc398a9932d50a31c5d8795e88fce9cc49ac51e5ec25c56cf96f58686626f2de872f5e30978d0e849311ab8c8a2f484a454f302ab4729d1e2750918298846f45d8da54807a39c3abfc8cac02bbce63f64f23ef2fe194c93f1d10262f0c02db4e8a5f63c4a39ecd9b7784334fa4acfea879d1f566b0f6cedeb8776c7fb3cb30cf09922385f2291bf4b5280d9ab607e9554c18c90eaa4922a04001b221addb4a954e7f58f6c2219be6e50e9b5c0272c10f799b0d7fe4bcf34a8972761197a0b59ee9eb5e86c840e3acb417d5d78c82bf0a33627de46e3913", 0xf9}, {&(0x7f0000000d00)="d53207c1eeb86245a4cd946c3c613d6a7b2fa9102d0d1a01c00390b0", 0x1c}, {&(0x7f0000000d40)="16c2752e7502defc08ccccec98f434ac2cb5ce8a2f796b91ff5ce5bc088286c75ad6630eb9eddeb09a0b6cc90878e58367a9bf13b105c93f001f03f3ca5f02b2da47b9d8c1b19a21943ef90353de24eedafbc31219d825", 0x57}, {&(0x7f0000000dc0)="333c38c0e2c9176d713fdb237574767f0d75213c09148c33106949ba08ed56747211db703292dd4f3e540cd874787f83dde3910cd6108b63b3ec99c3c0ccde8e48f8221f5b33977650761bffefff0ed878d5d33be506a2873f0566d599e0315f6a6722dc927eb9ac57b0c5d5cb95e612e4a6a9e8d2513362b4b7acf8ebbc7bf4a7aa1aa2e505ed89357b241b8f3a548326e6af94fe715c352c716948205421e10fc1a0ad3e18", 0xa6}], 0x5, 0x0) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000f00)='/dev/zero\x00', 0x80, 0x0) ioctl$KDGETKEYCODE(r7, 0x4b4c, &(0x7f0000000f40)={0x1f, 0x7}) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000f80)={0x1, 0x2, 0xff}, 0x8) sysfs$1(0x1, &(0x7f0000000fc0)='keyringmd5sumposix_acl_accesskeyring\x00') openat$cgroup_type(r0, &(0x7f0000001000)='cgroup.type\x00', 0x2, 0x0) r8 = syz_open_dev$sndpcmc(&(0x7f0000001040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x8000) sendmsg$nl_xfrm(r7, &(0x7f00000012c0)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001280)={&(0x7f00000010c0)=@newpolicy={0x1a0, 0x13, 0x120, 0x70bd2d, 0x25dfdbfd, {{@in=@multicast2, @in=@multicast1, 0x4e23, 0x0, 0x4e20, 0x3, 0x2, 0x20, 0x20, 0xff, 0x0, r5}, {0x800, 0x6, 0x10000000, 0x1000, 0x4, 0x2, 0x3, 0x2}, {0x3c60, 0x3fffffffc00000, 0x81, 0x2}, 0xfffffffffffffffb, 0x0, 0x1, 0x0, 0x0, 0x3}, [@replay_esn_val={0x28, 0x17, {0x3, 0x70bd27, 0x70bd2c, 0x70bd26, 0x70bd2c, 0x8001, [0x6, 0x7ff, 0x4]}}, @algo_auth_trunc={0xb4, 0x14, {{'sha3-224\x00'}, 0x340, 0x0, "3935c1e0b2624d68210ca7e6f0a9c43a99c19b4ad804595f3563e23d193871c4aa15814abb081aac255fae2c6d7ba4bbf1cae18bcd30e090a583ae5b0759072d332573ab1f129d222b074b3b25674157507ad6602212df8bf8429b1f3779b202a2ad8b2ea49e0e22"}}, @policy_type={0xc, 0x10, {0x1}}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) setsockopt$bt_hci_HCI_FILTER(r8, 0x0, 0x2, &(0x7f0000001300)={0x8, 0x3e527f7c, 0x80000000, 0x9}, 0x10) ioctl$BLKRESETZONE(r7, 0x40101283, &(0x7f0000001340)={0x7fff, 0x9}) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000001380)={0x5, 0x8, 0xcf0, 0x5be, 0xfffffffffffffff9}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000013c0)) 04:55:26 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/172, 0xac}], 0x1}}], 0x1, 0x0, 0x0) 04:55:26 executing program 0: r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000000)="240000002c000900ff03f4f9002104000a04f51108000100020100020800028001000000", 0x24) 04:55:26 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x1) ioctl$int_in(r0, 0x8000008004500f, 0x0) 04:55:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x2000000000000013, &(0x7f00000003c0)) ptrace(0x10, r1) ptrace$getregset(0x18, r1, 0x0, 0x0) 04:55:26 executing program 1: openat$tun(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = syz_open_dev$vcsn(0x0, 0x0, 0x2) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r1, &(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)='trusted\x00') setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000380)=""/210, &(0x7f0000000180)=0xd2) keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000200)='trusted\x00', &(0x7f00000002c0)='\xaf\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xdf\xffc\x8a\xb3\x95\xe2\xdc\x1b5%\x9c\xa7\fy\x02\x9b]\x13\x9a\xce\xbeY\xf1\xe4d\xd5\xe3k\xf5A\xe1\x00\x8bE9IO\xba.\xd9\xfd\xa7\x1e\xa6\xe0\xc1\x17\x05\xc4\xb8\x8d\n\x17F\xcd\x83c\x84\x88\x00\xa0\x9a\xe2K\xb0D9\x00\x00\x00\x00\x00\x00\x00\b~\x906!\xfbv\xde\x85Kf\x9b\xee') prctl$PR_GET_TIMERSLACK(0x1e) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) [ 177.739819] audit: type=1400 audit(1556168126.036:37): avc: denied { map } for pid=7046 comm="syz-fuzzer" path="/root/syzkaller-shm740790985" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 177.787048] audit: type=1400 audit(1556168126.086:38): avc: denied { map } for pid=7063 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13792 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 178.310574] IPVS: ftp: loaded support on port[0] = 21 [ 178.607141] IPVS: ftp: loaded support on port[0] = 21 [ 178.657002] chnl_net:caif_netlink_parms(): no params data found [ 178.720843] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.727605] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.734912] device bridge_slave_0 entered promiscuous mode [ 178.742972] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.749533] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.757137] device bridge_slave_1 entered promiscuous mode [ 178.780798] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.790619] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.815434] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.823790] team0: Port device team_slave_0 added [ 178.836539] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.843795] IPVS: ftp: loaded support on port[0] = 21 [ 178.844144] team0: Port device team_slave_1 added [ 178.862014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.888420] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.982707] device hsr_slave_0 entered promiscuous mode [ 179.020527] device hsr_slave_1 entered promiscuous mode [ 179.070563] chnl_net:caif_netlink_parms(): no params data found [ 179.081095] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.096093] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.143522] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.150140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.157258] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.163765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.181874] IPVS: ftp: loaded support on port[0] = 21 [ 179.205023] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.211542] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.218553] device bridge_slave_0 entered promiscuous mode [ 179.226040] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.232983] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.240491] device bridge_slave_1 entered promiscuous mode [ 179.316312] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.342803] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.380998] chnl_net:caif_netlink_parms(): no params data found [ 179.422928] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.431139] team0: Port device team_slave_0 added [ 179.437008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.446635] team0: Port device team_slave_1 added [ 179.452871] IPVS: ftp: loaded support on port[0] = 21 [ 179.465793] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.478664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.573353] device hsr_slave_0 entered promiscuous mode [ 179.610509] device hsr_slave_1 entered promiscuous mode [ 179.672642] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.707215] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.714616] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.724203] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.735642] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.742382] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.749425] device bridge_slave_0 entered promiscuous mode [ 179.758988] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.765529] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.772840] device bridge_slave_1 entered promiscuous mode [ 179.794768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.855898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.875353] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.894264] chnl_net:caif_netlink_parms(): no params data found [ 179.903900] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.913545] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.925920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.932625] IPVS: ftp: loaded support on port[0] = 21 [ 179.943910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.953410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.995324] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 180.002900] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.023885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.031746] team0: Port device team_slave_0 added [ 180.040393] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.047615] team0: Port device team_slave_1 added [ 180.073131] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.079617] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.087049] device bridge_slave_0 entered promiscuous mode [ 180.095080] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.101513] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.108706] device bridge_slave_1 entered promiscuous mode [ 180.129324] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.137147] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.223791] device hsr_slave_0 entered promiscuous mode [ 180.290474] device hsr_slave_1 entered promiscuous mode [ 180.361160] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.377209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.387159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.407619] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.431208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.440740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.448411] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.454945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.463041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.471107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.478737] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.485182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.496044] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.508471] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.532514] chnl_net:caif_netlink_parms(): no params data found [ 180.565783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.573619] team0: Port device team_slave_0 added [ 180.579511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.586958] team0: Port device team_slave_1 added [ 180.593294] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.601751] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.615781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.623963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.632654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.641424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.649190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.667061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.680612] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 180.711701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.724544] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.746345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.754948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.762662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.769581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.776770] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.822362] device hsr_slave_0 entered promiscuous mode [ 180.860659] device hsr_slave_1 entered promiscuous mode [ 180.901683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.908958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.918778] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 180.925370] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.934229] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.941053] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.948117] device bridge_slave_0 entered promiscuous mode [ 180.956017] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.962491] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.969901] device bridge_slave_1 entered promiscuous mode [ 180.976607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.984783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.993130] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 181.002155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.016989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.036419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.045443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.053288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.061578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.069232] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.075692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.083400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.093820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 181.109539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.126973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.136333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.145052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.153454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.161656] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.168989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.192656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.208957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.225439] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.262377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.277462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.289218] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.299503] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.307100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.324006] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.331678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.341532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.351384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.374154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.382291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.393434] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 181.402798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.417322] chnl_net:caif_netlink_parms(): no params data found [ 181.426307] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.433839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.441281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.448296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.456360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.466886] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 181.473736] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.483785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.494942] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.502443] team0: Port device team_slave_0 added [ 181.515528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.525054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.533474] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 181.541275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.550507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 181.559120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.570705] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.576784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.584310] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.592581] team0: Port device team_slave_1 added [ 181.607520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.615655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.623443] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.629823] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.636909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.644513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.652395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.664678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.679920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.696429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.705764] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.726933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.735348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.744600] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.751040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.763057] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 181.774021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.843900] device hsr_slave_0 entered promiscuous mode [ 181.880517] device hsr_slave_1 entered promiscuous mode [ 181.961083] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 181.968241] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 181.982262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.993616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.016327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.024059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.032663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.040806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.048497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.068899] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.076962] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.085439] device bridge_slave_0 entered promiscuous mode [ 182.093317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.110170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.117716] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.124956] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.132202] device bridge_slave_1 entered promiscuous mode [ 182.143234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.153298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.161990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.172561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 182.204995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.214193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.224628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 182.237552] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.257395] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.277371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.287175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.295726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.307990] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 182.316315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.350905] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.359193] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.368800] team0: Port device team_slave_0 added [ 182.375817] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.384346] team0: Port device team_slave_1 added [ 182.392937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.409117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.422901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.426942] audit: type=1400 audit(1556168130.726:39): avc: denied { create } for pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.441189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.465513] audit: type=1400 audit(1556168130.766:40): avc: denied { write } for pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.474123] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 182.501543] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 04:55:30 executing program 5: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) [ 182.508277] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.517112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.535628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.543009] audit: type=1400 audit(1556168130.766:41): avc: denied { read } for pid=7107 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.557205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.588951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.617335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.626653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.638463] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.645007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.646792] audit: type=1400 audit(1556168130.946:42): avc: denied { map } for pid=7111 comm="syz-executor.5" path="/dev/binder0" dev="devtmpfs" ino=548 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 182.654661] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.687257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.693818] hrtimer: interrupt took 46151 ns [ 182.703520] binder: 7111:7119 ioctl c018620b 0 returned -14 [ 182.715501] audit: type=1400 audit(1556168131.016:43): avc: denied { set_context_mgr } for pid=7111 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 182.738688] binder: 7111:7114 BC_ACQUIRE_DONE u0000000000000000 node 3 cookie mismatch 0000000000000048 != 0000000000000000 [ 182.740310] audit: type=1400 audit(1556168131.016:44): avc: denied { call } for pid=7111 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 182.773408] audit: type=1400 audit(1556168131.026:45): avc: denied { transfer } for pid=7111 comm="/group.stat" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 182.802346] device hsr_slave_0 entered promiscuous mode [ 182.850915] device hsr_slave_1 entered promiscuous mode [ 182.890707] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 182.897974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.905526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.913429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.921765] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.928223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.937476] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.952405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.969585] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.977363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.986101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.993547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.005085] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.019586] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.042960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 04:55:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) [ 183.055814] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.064039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.085537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.095004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 04:55:31 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x80005, 0x0) r1 = socket$unix(0x1, 0x1000000005, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r2 = dup2(r0, r1) sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0) [ 183.103513] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.109915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.117917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.127167] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.138749] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.164275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.191254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.199419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.213331] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.219808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.229758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.244004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 04:55:31 executing program 0: mkdir(&(0x7f0000000380)='./file0\x00', 0x0) mount$9p_xen(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, 0x0) [ 183.272943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.282877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 04:55:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) 04:55:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x1) ioctl$int_in(r1, 0x80000080045017, 0x0) [ 183.319023] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.334639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.352269] binder: 7111:7119 ioctl c018620b 0 returned -14 [ 183.356106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.387209] binder: 7111:7141 BC_ACQUIRE_DONE u0000000000000000 node 6 cookie mismatch 0000000000000048 != 0000000000000000 [ 183.389589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.417450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.429727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 04:55:31 executing program 5: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) [ 183.449895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.459850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.481516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.502223] binder: send failed reply for transaction 2 to 7111:7114 [ 183.508966] binder: send failed reply for transaction 5 to 7111:7141 [ 183.516563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.519239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.535866] binder: undelivered TRANSACTION_ERROR: 29189 [ 183.542406] binder: undelivered TRANSACTION_ERROR: 29189 [ 183.557433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.563529] binder: 7151:7153 ioctl c018620b 0 returned -14 [ 183.566148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.586326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.603026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.609777] binder: 7151:7153 BC_ACQUIRE_DONE u0000000000000000 node 10 cookie mismatch 0000000000000048 != 0000000000000000 [ 183.612038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.629620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.637396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.645818] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.657146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 183.669313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.677922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.688906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.702477] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.708618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.716748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.725841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.736696] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.743718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.768443] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.783587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.791019] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.802891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.814958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.826190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.837719] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.845452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.853950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.865057] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.871591] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.887060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.894793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.904263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.912521] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.918962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.927004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.937824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.947371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.956425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.964707] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.971175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.981197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.991631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.999157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.013107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.041135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.052494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.060995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.069207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.077417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.086803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.126071] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.146147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 184.156103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.164413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.174526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 184.183503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.191657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.201500] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 184.207614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.235801] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 04:55:32 executing program 2: openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000500)='nbd\x00') perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="28000000000000002900000002000000fe8000000000000000000000a40a00000000080000000000"], 0x28}, 0x0) 04:55:32 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:32 executing program 4: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fallocate(r0, 0x10, 0x0, 0x3f) lseek(r0, 0x0, 0x3) 04:55:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x5382, 0x0) [ 184.256085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.286318] binder: release 7151:7153 transaction 9 out, still active [ 184.337371] binder: send failed reply for transaction 9, target dead [ 184.366851] binder: 7182:7188 ioctl c018620b 0 returned -14 [ 184.399965] binder: 7182:7188 BC_ACQUIRE_DONE u0000000000000000 node 14 cookie mismatch 0000000000000048 != 0000000000000000 [ 185.103817] binder: release 7182:7188 transaction 13 out, still active [ 185.117420] binder: send failed reply for transaction 13, target dead 04:55:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x227e, 0x0) 04:55:33 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x2000000000000013, &(0x7f00000003c0)) ptrace(0x10, r0) ptrace$getregset(0x2, r0, 0xffffffffff5ffffe, 0x0) 04:55:33 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0xfb, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10) 04:55:33 executing program 3: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) write$P9_RXATTRWALK(r0, &(0x7f0000000040)={0xf}, 0xf) lseek(r0, 0x0, 0x3) 04:55:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) 04:55:33 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x4c, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2282, 0x0) 04:55:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) 04:55:33 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) lseek(r0, 0x800000000003, 0x0) 04:55:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x8, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) [ 185.627617] binder: 7212:7216 ioctl c018620b 0 returned -14 [ 185.655933] binder: 7212:7216 BC_ACQUIRE_DONE u0000000000000000 node 18 cookie mismatch 0000000000000048 != 0000000000000000 04:55:34 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2289, 0x0) 04:55:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="65f336224bdd3b533505b3540906a7"], 0xf) sendfile(r2, r2, &(0x7f00000001c0), 0xa198) [ 185.864791] binder: 7241:7251 ioctl c018620b 0 returned -14 [ 185.888436] binder: BINDER_SET_CONTEXT_MGR already set [ 185.897527] binder: 7241:7242 ioctl 40046207 0 returned -16 [ 185.913235] binder: 7241:7242 BC_ACQUIRE_DONE u0000000000000000 node 21 cookie mismatch 0000000000000048 != 0000000000000000 04:55:34 executing program 5: 04:55:34 executing program 1: 04:55:34 executing program 2: 04:55:34 executing program 3: 04:55:34 executing program 0: 04:55:34 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) [ 186.367439] binder: send failed reply for transaction 17 to 7212:7216 [ 186.375459] binder: send failed reply for transaction 20 to 7241:7242 [ 186.385713] binder: 7241:7242 ioctl c018620b 0 returned -14 [ 186.391768] binder: undelivered TRANSACTION_ERROR: 29189 [ 186.403090] binder: 7241:7242 transaction failed 29189/-22, size 24-8 line 2802 04:55:34 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:34 executing program 3: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:34 executing program 1: 04:55:34 executing program 2: 04:55:34 executing program 5: [ 186.542821] binder: 7264:7268 ioctl c018620b 0 returned -14 [ 186.575015] binder: 7270:7272 ioctl c018620b 0 returned -14 04:55:34 executing program 1: 04:55:34 executing program 2: [ 186.592977] binder: 7271:7275 ioctl c018620b 0 returned -14 [ 186.603185] binder: 7264:7281 BC_ACQUIRE_DONE u0000000000000000 node 27 cookie mismatch 0000000000000048 != 0000000000000000 [ 186.632069] binder: BINDER_SET_CONTEXT_MGR already set 04:55:34 executing program 5: [ 186.646589] binder: BINDER_SET_CONTEXT_MGR already set [ 186.654524] binder: 7270:7272 ioctl 40046207 0 returned -16 [ 186.662105] binder: 7271:7275 ioctl 40046207 0 returned -16 [ 186.685757] binder: 7270:7282 BC_ACQUIRE_DONE u0000000000000000 node 30 cookie mismatch 0000000000000048 != 0000000000000000 04:55:35 executing program 1: 04:55:35 executing program 5: 04:55:35 executing program 2: [ 186.698801] binder: 7271:7287 BC_ACQUIRE_DONE u0000000000000000 node 33 cookie mismatch 0000000000000048 != 0000000000000000 04:55:35 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:35 executing program 0: 04:55:35 executing program 3: 04:55:35 executing program 5: 04:55:35 executing program 1: 04:55:35 executing program 2: [ 187.263972] binder: release 7264:7281 transaction 26 out, still active [ 187.277380] binder: send failed reply for transaction 26, target dead [ 187.288357] binder: send failed reply for transaction 29 to 7270:7282 [ 187.300157] binder: send failed reply for transaction 32 to 7271:7287 04:55:35 executing program 2: 04:55:35 executing program 5: 04:55:35 executing program 1: [ 187.374632] binder: 7299:7300 ioctl c018620b 0 returned -14 04:55:35 executing program 3: 04:55:35 executing program 0: 04:55:35 executing program 5: [ 187.456906] binder: 7299:7300 BC_ACQUIRE_DONE u0000000000000000 node 37 cookie mismatch 0000000000000048 != 0000000000000000 04:55:36 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x56, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3d9f6d958dd03695246acccffd5f34fb78adb0f0810a165"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000001000/0x1000)=nil, 0x1000}, &(0x7f0000000480)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done={0x40106309, 0x0, 0x48}], 0xfffffffffffffeb3, 0x60, &(0x7f00000007c0)}) 04:55:36 executing program 2: 04:55:36 executing program 1: 04:55:36 executing program 0: 04:55:36 executing program 3: 04:55:36 executing program 5: mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) open$dir(&(0x7f0000000000)='./file0/bus\x00', 0x88040, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') [ 188.124436] binder: release 7299:7300 transaction 36 out, still active [ 188.136210] binder: send failed reply for transaction 36, target dead 04:55:36 executing program 3: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000010b) 04:55:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r0, 0x89a0, &(0x7f00000000c0)={'team0\x00', 0x892}) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) 04:55:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x0) poll(&(0x7f00000016c0)=[{r1}], 0x1, 0x6d) [ 188.182685] audit: type=1804 audit(1556168136.486:46): pid=7329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir138794837/syzkaller.A0mSBF/11/file0/bus" dev="ramfs" ino=27080 res=1 04:55:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ppoll(&(0x7f0000000100)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300)) 04:55:36 executing program 5: mknod(&(0x7f0000000100)='./bus\x00', 0x3a0914c44f7b802c, 0x1b00) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x400000003fd, 0x0) pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="8150372e", 0x4}], 0x1, 0x0) [ 188.241819] binder: 7330:7331 ioctl c018620b 0 returned -14 [ 188.262743] binder: 7330:7331 BC_ACQUIRE_DONE u0000000000000000 node 41 cookie mismatch 0000000000000048 != 0000000000000000 04:55:36 executing program 0: add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)='@', 0x1, 0xfffffffffffffffb) 04:55:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0) r3 = dup2(r0, r1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) 04:55:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETX(0xffffffffffffffff, 0x5433, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$P9_ROPEN(r0, &(0x7f0000000080)={0x18}, 0x18) 04:55:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @multicast1}}}, 0x108) 04:55:37 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:37 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) fcntl$dupfd(r0, 0x11, r0) [ 188.996725] binder: send failed reply for transaction 40 to 7330:7331 [ 189.008933] binder: undelivered TRANSACTION_ERROR: 29189 04:55:37 executing program 0: shmget(0x1, 0x1000, 0x0, &(0x7f0000a86000/0x1000)=nil) 04:55:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300)) 04:55:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892}) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 04:55:37 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)='proc\x00P\xacT@\xd8\x88,\x81\xa4\xf2\xc2;\xf8tRr1c\xe9@\x10\x8b_\xe7\x97\xbdN\xd8\xa2/\x80\x016\x02\xdf#\xcd\v\x86u\xf90\xda\xf1\xbe\xb2\xf6N\xf7\x960\xe3L\xc9iv\xcb\xcc\xe1Ko[qU0\xa4\x05v\xea<\xa1\x1d&\xd6g\xc4P2\xfbx\xd2\xba\xc0', 0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xfffff, 0x0) r0 = creat(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x6) pipe2(0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) sched_setaffinity(0x0, 0x6, &(0x7f00000003c0)=0x9) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) recvmmsg(r1, &(0x7f0000001380), 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) sendmsg(r1, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8800, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000440)=""/29, 0x3fa) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = add_key$user(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$update(0x2, r2, &(0x7f00000002c0)="0400b908ac95fcc6b7a1e043af9d107037b455def2abd3095154681a6beb848b7d1891e00810512e3805ba652b4dfa196a3e7c15cf1608de7374a6c7a16b049c6316c29bc436292663f7de9312232f26acbef13c5fd454fc2ad3ba503e226d298bbd6204914574c269f487a2faf7d32a8d5e7586ebe48dac31975b1647b0e0c0442678f7dc78102fba6480b0c8645afbf24abfc615c4af1cfaf0a8b25167a726ab1a1f908a4f09df3ad6db531e209910b10fc156a8231e90448fc7eeab15f4657210731138f8bf641f555a6c23a74185f127c6e5f9f1d8d1", 0xd8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, r2, &(0x7f0000000240), 0x0, 0x0) 04:55:37 executing program 0: gettid() timer_create(0x8000000009, 0x0, &(0x7f0000000200)) timer_settime(0x0, 0xfffffffffffffffe, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0xe4c}}, 0x0) 04:55:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892}) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20000, 0x0) [ 189.254184] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 04:55:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0) r3 = dup2(r0, r1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) [ 189.297935] audit: type=1400 audit(1556168137.596:47): avc: denied { wake_alarm } for pid=7397 comm="syz-executor.0" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 189.307879] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.443109] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.455916] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.468573] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.479256] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.495448] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.505522] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.526228] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.539099] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 04:55:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, 0x0) 04:55:38 executing program 3: mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000001400)='/dev/loop#\x00', 0x0, 0x40000100083) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:55:38 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)='proc\x00P\xacT@\xd8\x88,\x81\xa4\xf2\xc2;\xf8tRr1c\xe9@\x10\x8b_\xe7\x97\xbdN\xd8\xa2/\x80\x016\x02\xdf#\xcd\v\x86u\xf90\xda\xf1\xbe\xb2\xf6N\xf7\x960\xe3L\xc9iv\xcb\xcc\xe1Ko[qU0\xa4\x05v\xea<\xa1\x1d&\xd6g\xc4P2\xfbx\xd2\xba\xc0', 0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xfffff, 0x0) r0 = creat(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x6) pipe2(0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) sched_setaffinity(0x0, 0x6, &(0x7f00000003c0)=0x9) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) recvmmsg(r1, &(0x7f0000001380), 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) sendmsg(r1, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8800, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000440)=""/29, 0x3fa) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = add_key$user(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$update(0x2, r2, &(0x7f00000002c0)="0400b908ac95fcc6b7a1e043af9d107037b455def2abd3095154681a6beb848b7d1891e00810512e3805ba652b4dfa196a3e7c15cf1608de7374a6c7a16b049c6316c29bc436292663f7de9312232f26acbef13c5fd454fc2ad3ba503e226d298bbd6204914574c269f487a2faf7d32a8d5e7586ebe48dac31975b1647b0e0c0442678f7dc78102fba6480b0c8645afbf24abfc615c4af1cfaf0a8b25167a726ab1a1f908a4f09df3ad6db531e209910b10fc156a8231e90448fc7eeab15f4657210731138f8bf641f555a6c23a74185f127c6e5f9f1d8d1", 0xd8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, r2, &(0x7f0000000240), 0x0, 0x0) 04:55:38 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:38 executing program 4: syz_open_dev$dmmidi(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) writev(r2, &(0x7f0000000700), 0x100000000000010b) [ 189.976039] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 04:55:38 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) close(r1) openat$cgroup_ro(r0, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) readv(r1, &(0x7f00000002c0), 0x10000000000002f3) 04:55:38 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000002c0)={0x0, {{0x2, 0x0, @multicast1}}}, 0x108) 04:55:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ppoll(&(0x7f0000000100)=[{r1}, {r0}], 0x2, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000300)) 04:55:38 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000000)=0x1, 0x4) sendmmsg(r0, &(0x7f0000001980)=[{{&(0x7f00000008c0)=@nfc={0x27, 0x1}, 0x80, 0x0}}], 0x1, 0x0) 04:55:38 executing program 0: rt_sigprocmask(0x0, &(0x7f0000039ff8)={0xfffffffffffffffa}, 0x0, 0x8) r0 = gettid() timer_create(0x8000000009, &(0x7f00000001c0)={0x0, 0x3e, 0x4, @tid=r0}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) 04:55:38 executing program 3: r0 = socket$inet6(0x18, 0x2, 0x0) r1 = dup2(r0, r0) sendmsg$unix(r1, &(0x7f0000001700)={&(0x7f0000000300)=ANY=[@ANYBLOB="fb182e696c653000"], 0x1, 0x0}, 0x0) 04:55:38 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 04:55:38 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 04:55:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4) r2 = memfd_create(&(0x7f0000000180)='dev ', 0x3) write(r2, &(0x7f00000011c0)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0xffff) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$addseals(r2, 0x409, 0x8) readv(r1, &(0x7f00000002c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1) 04:55:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4) r2 = memfd_create(&(0x7f0000000180)='dev ', 0x3) write(r2, &(0x7f00000011c0)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0xffff) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c4c1585e5c2b71660f3a426306f5") fcntl$addseals(r2, 0x409, 0x8) readv(r1, &(0x7f00000002c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1) 04:55:39 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:39 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, "47951cec2e06d296031b913adab81d0ca2d6f770b895513fbaf7e0c87ded59090afdb6ad3cbf604a59d12a2678864c48100ed0d6a97612d549a5a0c5e7694190", "7f4e120aa2ba61ef7258649c631a31485e15a22d35c2edafd3ff6eda9066d9bc13c7eaed6e7dbd089d0dd73dbc87c54c957bd4de27b3525c7ba757f2349fc8fe", "b4a7738dfa449b037e1f16b5278d94d5f661f4e91a3112b53052e3e54ae60e5a"}) 04:55:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, 0x0, 0x0) r3 = dup2(r0, r1) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 04:55:39 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r1, 0xae78, 0x0) 04:55:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r1, 0x4008ae48, &(0x7f00000023c0)) 04:55:39 executing program 1: r0 = socket(0xa, 0x80005, 0x0) sysinfo(&(0x7f0000000100)=""/68) setsockopt$TIPC_CONN_TIMEOUT(0xffffffffffffffff, 0x10f, 0x82, 0x0, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00', 0x892}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000003000/0x4000)=nil, 0x3) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'team0\x00`\xff\xff\xfd\x00 `\x00L\x00', 0x4ff}) 04:55:39 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r0, 0x894c, &(0x7f00000000c0)={'team0\x00', 0x892}) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) 04:55:39 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 04:55:39 executing program 4: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2000000088) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x10) recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x6, &(0x7f0000000100)={0x77359400}) 04:55:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0x0) 04:55:42 executing program 3: 04:55:42 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x6c, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7, 0x60}}], 0x48}, 0x0) 04:55:42 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 04:55:42 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[], 0x0) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000), 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x100, r4, 0x200, 0x70bd26, 0x0, {}, [@TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x100}}, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 04:55:42 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r1, 0x4010ae42, &(0x7f0000000340)) 04:55:42 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x80040084149, &(0x7f0000000040)='T') 04:55:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x20000000000031, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000100)={{}, 'port0\x00'}) 04:55:43 executing program 4: syz_execute_func(&(0x7f0000000100)="410f01f964ff0941c34b0fae6650c4e2c99758423e46d87312c461c5ddf13e0f1110c442019dcc6f") clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x9e89) clone(0x1fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xfdf2) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000140), 0x4) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, 0x0) [ 194.668745] rdma_op ffff88805e7195d8 conn xmit_rdma (null) 04:55:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") prctl$PR_SET_TSC(0x1a, 0x2) 04:55:43 executing program 4: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @broadcast}, 0x10) r2 = dup2(r1, r0) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={0x0, 0x1, 0x6, @link_local}, 0x10) 04:55:43 executing program 3: 04:55:43 executing program 0: 04:55:43 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:43 executing program 2: 04:55:43 executing program 1: 04:55:43 executing program 3: 04:55:43 executing program 0: 04:55:43 executing program 4: 04:55:43 executing program 2: 04:55:43 executing program 1: 04:55:43 executing program 4: 04:55:43 executing program 0: 04:55:43 executing program 4: 04:55:43 executing program 3: 04:55:44 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:44 executing program 2: 04:55:44 executing program 1: 04:55:44 executing program 3: 04:55:44 executing program 0: 04:55:44 executing program 4: 04:55:44 executing program 2: 04:55:44 executing program 3: 04:55:44 executing program 4: 04:55:44 executing program 2: 04:55:44 executing program 3: 04:55:44 executing program 0: 04:55:45 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:45 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) dup2(r0, r2) 04:55:45 executing program 0: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x2b) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @local}}, 0x1e) 04:55:45 executing program 3: mknod(&(0x7f0000000040)='./bus\x00', 0x8000, 0x4500) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x40045720, &(0x7f0000000180)) 04:55:45 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x508, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0x270, 0x4008000, 0x0, 0x0) 04:55:45 executing program 4: syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700), 0x100000000000010b) 04:55:45 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000003c00000009000000"], 0x0, 0x18, 0x0, 0x1}, 0x20) 04:55:45 executing program 3: mknod(&(0x7f0000000040)='./bus\x00', 0x8000, 0x4500) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x40045720, &(0x7f0000000180)) 04:55:45 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0x2a8}) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={0x0, {}, {0x2, 0x0, @local}, {0x2, 0x0, @broadcast}, 0xab042fbbe6fbd72e, 0x0, 0x0, 0x0, 0x4}) 04:55:45 executing program 2: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dc86055e0bceec7be070") mmap(&(0x7f0000004000/0x4000)=nil, 0xa07000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(0x0, 0x0, 0x80080000004a0a) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x800}) 04:55:45 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dc86055e0bceec7be070") r1 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKZEROOUT(r1, 0x402812f6, &(0x7f0000000000)) 04:55:45 executing program 4: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) 04:55:46 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) socket$inet(0x2, 0x0, 0x1000) 04:55:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x2000000000000013, &(0x7f00000003c0)) ptrace(0x10, r1) ptrace$getregset(0x11, r1, 0xffffffffff600000, 0x0) 04:55:46 executing program 0: syz_open_dev$admmidi(0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10) r1 = syz_open_dev$sndpcmc(0x0, 0x8, 0x400) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0) 04:55:46 executing program 2: munmap(&(0x7f000001c000/0x3000)=nil, 0x3000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 04:55:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000900)=[@register_looper], 0x3f, 0x0, &(0x7f0000000840)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae4201ca1ee9c2231708e18a47bc68a2a79a0b4a531f6ff6d3095bbabd89d9f9a38c3"}) prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='/group.stat\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x60, &(0x7f00000007c0)}) [ 198.060641] binder: 7706:7711 transaction failed 29189/-22, size 24-8 line 2802 [ 198.097743] binder: undelivered TRANSACTION_ERROR: 29189 [ 198.123559] binder: 7706:7711 transaction failed 29189/-22, size 24-8 line 2802 [ 198.136350] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 198.154822] binder: undelivered TRANSACTION_ERROR: 29189 04:55:46 executing program 4: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3) bind$inet6(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x6, 0x101000) connect$inet6(r0, &(0x7f0000000040), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) [ 198.168526] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 198.200777] loop3: p1 p2 p3 p4 04:55:46 executing program 0: syz_open_dev$admmidi(0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10) r1 = syz_open_dev$sndpcmc(0x0, 0x8, 0x400) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0) 04:55:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) socket$inet(0x2, 0x0, 0x1000) [ 198.612544] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 198.631417] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 198.644664] loop3: p1 p2 p3 p4 04:55:47 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:47 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @rand_addr=0x5}, 0x10) [ 198.907075] RDS: rds_bind could not find a transport for 0.0.0.5, load rds_tcp or rds_rdma? 04:55:47 executing program 2: seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) read$rfkill(r0, 0x0, 0x0) 04:55:47 executing program 1: syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000300), 0x9eef) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x10076) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)) 04:55:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) socket$inet(0x2, 0x0, 0x1000) 04:55:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") semget(0x1, 0x0, 0x0) [ 199.202541] audit: type=1326 audit(1556168147.506:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 04:55:47 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="20000000000000008400000008000000ff0200000000000000000000000000019f8b9f5b2c241a4ef7fdd7593cdbde1420e7a9340e19d2d8bb7af96ec11007273da0e407cea10e24057a1e634ebe554e488be986"], 0x54, 0x20000000}], 0x1, 0x0) 04:55:47 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) [ 199.283100] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 199.304957] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 199.311737] loop3: p1 p2 p3 p4 04:55:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) socket$inet(0x2, 0x0, 0x1000) [ 199.471376] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 199.498685] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 199.538908] loop3: p1 p2 p3 p4 04:55:47 executing program 4: munmap(&(0x7f0000de3000/0x3000)=nil, 0x3000) mlock(&(0x7f0000a00000/0x600000)=nil, 0x600000) madvise(&(0x7f0000aa2000/0x1000)=nil, 0x1000, 0x5) 04:55:47 executing program 0: seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]}) shutdown(0xffffffffffffffff, 0x0) 04:55:47 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 04:55:47 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) [ 199.607480] audit: type=1326 audit(1556168147.906:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7798 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 04:55:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) [ 199.851233] audit: type=1326 audit(1556168148.156:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7761 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 [ 199.876107] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 199.886163] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 199.892311] loop3: p1 p2 p3 p4 04:55:48 executing program 2: open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee", 0x1d8) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) listxattr(&(0x7f0000000080)='\x00', &(0x7f0000000040), 0xfffffffffffffdc1) syz_execute_func(&(0x7f0000000040)="f0202500000000f20f79dec4824546045ac4823193ac51000000006545d9fb41a5f0114807362e660f3834dd410030c4227d596dfe") fallocate(r1, 0x0, 0x0, 0x1000100) lseek(r1, 0x0, 0x3) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r2, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) 04:55:48 executing program 4: seccomp(0x1, 0x0, &(0x7f0000001980)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffd}]}) uname(&(0x7f00000005c0)=""/4096) 04:55:48 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c460505ff00008000000000000002003e00050000009f0000000000000040000000000000008302000000000000070000000600380001000000850a87d80700000004000000060000000000000064f4ffffffffffff0000e0000000000003000000000000000000000000000000a00e00000000000039f6a6e3d70f0b1c418a2fab20edc1a9ac78f121ab4a49ac0013180335374db5ac4812d41b110003c9d94eb9d8e7a553df6ee15ab668b31f1975fdad4b6ada275c90badbba081c23f1ab2c6ab7198bb1bdf95279317f4380ee6536b9ce492db7334a208e8c00c603d7af841c98e6f1a6c9ca4b982ccbfe5b4202cf5b8157535509c9afcbf81d23b18a0d0e52fd17bfaf34c0abf4d793092e4d500d1aadd0ebc243817e419fdc4b45488ef031318f8baa232d4cd31e1805c30415d1fd5156d1750b629a58e432e038372efde5d8d8bf3c135e0a135e46ace4b398c0addc4a623674d3efc764d76a0c9ebf5e3e068ed1465e6b5e0e09baf3e5af8b7da9f94ab97c9f37abb65ba8233827f15000992fb62835b5f51a0380b3c0bdeaef353c76969d496dae836b02fe9e8f4162c8d0f22eae39d4d09c72ab126f8c427e7746b96379adde21d9bdc1b4be80d20e9a521732abe1bf4d7e41308b39914a8d893ef7b659ba337ee546413bbaa80d2b27f1c637101ed6949fec617814377d3985cf3128bd9e4ef4d4b8cf39ba7505abe391c020e41ef0b6790b49aab7ff35e77bce1b536c386ef0074f53658c1e818e659ae6f2a8c041b1ce2480ae04fa13a67e6be713f5bc74aac932bbc7e88c1ed73a8b1a4a0f22700a3186bcbcfebd058e84db95b0baecb33f817b821798ae896810e018d6ddd9ada64becbb364e40b9159e38aa7111545387328c9df772540a9257335be3ffc7254c30a2dbaed47b09c0fad4fe79cf24740974a1439e48892301e0719942b4500d2db55264bcec73269ecd53a050dacb3db90a064bcccd3730a4c94d0441b0746677cb7eea45a2e2ec4aa7e4524e6ca288a2258d4c4cccc4c1f5ae7700a163d2ac55293090ee3ccec110615e3e7ce45830abafb0ed6542ed8636116c7585072b7fa9ab3d6cee532f72b2f64d6ce87d74d8cc7082276c9c622ca09f955acc10668ae8218793d453f2553b5cafc79e26f2e0d03dcfea8485b37f303f645d8eddbf080dd694301609eb5b795892de7053d8d13b034fa96d470ccc588c9b9b44e47a97a7171485b065e8bba415e0ccda1a5e58ef452737007edd31ea472dc354953ea027a64a9161fb882507e4ae05d0ef62627d30638214e50379ef99d3933a8c2d2f8767bb4e2851e049d0de2bd3d0b68840d4928cbc705aabd164a55b24e7af45294cc3c5f9307b59b5d99e140681e1e71f1dd374a2236d9433ede4d79a7b832198a2a5a6400d0ab7b3f732250e9dead0802fc02b2e2e7e7e308ae1538dedb6b828cd1e5bc25cf1846cfd7dcbcfee32e64d58676cf22a6f253d0c050e8018ca3cc2570ea10d60fee6f0b6de974bb38744e4702e63c34e7d601d7c2c23e6d8bcfc8780bc9f47febb03ed0500708c1a2c2cb3ddc6a6ceeb8c0f963e0b19b3c38e448f4b464cfa616d7cf44826a7ef087c536b9ff76b7911cee677203efcd3749a5b0f2613c6d63bfb9284af562e41b8110ae96a5961117aed1a5f6092fff814f35f6d9304ec1f80d2eb91fdca2e834e273f6db003ead3e6d6db4859b0f602b0a9642e8bc14dc20bb114c1709c4fcd353c02cc5bd861bc6c8485eb0c0df9f7054906344fbfae23779f76552ec1e25069a0f82a0d44e94488962db89468cc67c3eef7fe358125e81ba2a41cfddd82a367b8f37233d3692890932229354a810d7f62985d19d752b1940c5c6fe5f0585decbb52dfe7e45aeeda24c0dc9e2edf38af86339a0da1bf52001d3e717fdb6ba0ca30eda83730a90489ec4239ff7175f59446acd55e1a3295211afec28d8c78013038671100cd6eb996c4991d93dd8174006e073b8c278a3fcd032421d4cf069af9677b2b4df6fe4b5bef7bc3c314b3bd1e781918c0fe8a781b654994b8f2716f4cedc59a70e3ad5a678c9e431d99667268c9bfe784c4889a38cf91805e3a7dd01c0f025374b3f84d41e8e2fe089e60a36373dc2973a66ac2b7f4aa8ccfba13cae768ab8364b242c3097a1865ee01551ddc97cf8092c892129569e0fd96c03c9c1e4b2ecc91c23d9642c77309c259016953ace23f35f8cd99a3e949fbc84a5002ee6781b6308e7a751e29404954bc8bd4e00d53f5858d2568f891d8b70fc33c7c238007625b39d0edd07e4ec853d26858568358bac693f306f60e583fb6ca4164287a94053dcb0c5c0546580bc89c0c90cb6dfabe1fa1dbceb87db44ffb2a2935fb4552786af0ebd9bc2e21a04ef7b6de57f6eefbe8ed3efd075edd80c434a1ceea4a2cf6df66cd75042bfc879fd1a634fe917d10e1bddd0fc7e481e76ac5886eefbb345edeef3e9a691e46b2bf5a0ef26a771f29673b893449d46c925437df19b56e5d4683d5b7e4b0d1540b1fcfb328be46d53f8851d2c295f40c16301c84a3441c047f837c9b79e871b13aae8cc2ed46837ab98dde8548485688e3a6112736a555793d1896b53a1e29d45609c241564bf49bd175dfb1f114947e6e0b360cf574d93760396fd2aeff25496c1fdb2bff6b1a7e3ce38021eb90759a4ba6d576d01149f68c8e30bb839a19378e8a38d7c0c7c1d8addd8f7ca16961b63dfc21f9f94b1d4de1a37a8fb5f37859527dda62d8bb2fdf60192942ebf6fb9fa17bb997810f449f252c92f2c8e94998dcf13929351496208b1111fcee8f03ed8a1418d3d76c66a27dde4f7774d3610114c5eb3988ddf7f7c186692f0b9e8d401b82c5f40759e5a36c1f6586e524c49730a608f4fe91ce861d450d4ed34afa650cfe903eff1583e1462235ac3a4f343829af968fed6c030488440c16d3487af10f752c5cdffc48d6ee6c862cc6312a55908106b58aaa827fede382596c2ec9b5a4111d8c29bff6780084b7a3bb6c2df96c6f6054e98c4359ca28cc816817e023df2d5c77494b99e710fe211664b3037e5ca5a73ec97cf3892b855cca5e6de315ffd8da3bc5284977083b57049bcaaaab0af987f5da069f13d26fc9e28846cb2f6916ba578558c2913a9ae917126944c4f273e412ee0468ff65b81f98e9d642884fa6329e51afa89c5d561e6e0134e70eb62620a89f446625c11eb91e2ff187b1fd3eee2035cd2f6f61b17142eb39c02e8e1239a44cfe47e18c5a5d628d4301445b6448d6df49bdc56583128253fe478205dea4c43d919294c3040045731ed01ca2ef38057fa9a162e27882a680f28f2cb06a831ec7561b713d2af6ba759b9ebdaac7611f6af907c802c29b670a3e82d4d473c4454b6f94350052577a38b078432989f403980690c3dc46c44569d9c91ad26cef49beccc55374ee84695fbb3be7256eccdee41ff631a1c23a96e88742391ec11a3186bac31bede8ed49192f4918b641067c69b33eff4c414178e2ae8f384f4441bac2a0d7ff75bbbcd5a78704906ac7eab52438fbf48d9673a332020dd112877ef36512885679ecd3bfd863eb250ad72019f4bd9148c93bae6e11a74bda2fd8a1c7dc64ad90898af45d39e7d961aa48aabab4909d6d0d1e4c254cd6dcdd36958e7deb766948d67780001256ecd2961db27b31a4331073127b7518d51fe4e18e28c0e276a062e84ca78e450e33aaaf765f8b77acfa8890a3b0dbdf3a32ce64b2bc5fb13980240e10116eb204a48fd265b2c45bcf51db5836fe91ca6de8a1f3c019e2709c0a1907e95d988ee3cad98ffec9ce4506a3b3c0fa1a4a9b8911cc692c235789679fe314241ca7c4b13de64a3c4e44f07d32c49fa48ba8b54629b6881695f008ac0c092819c2a98fc2d26f65abbc8b055c87e7fe96d22188ab0661351206b43217c1267ae960d21016170daaedc2441bae8a9092d1f16e8a820ef61e92ccfa2093d064b8921e36b5ddd7b4f0e92f271f9ef6e72a72a106c67dacccd58f5b98bf1c8f03262db735fc8e5f2b846934e02d9312c69ff4e58135fa65a2f8b7c651bf98caf52e2c31ab66a0861c23cfaf5e8e12e601145a8f93c8053cc2bde81bab89bf8d87e2ee053e1fe17f8e33ac899ba96efee6a82093646cfa86aa6e762af055ee6314e0597b72b09a898b912bc5988b12ffed918a90dd8a1e107b43121c90256178e1ddb6b590e53947bb94ca4b8e50912fa2a6b08c27e64786125a0f8199b385b33316f71fc4582d89533f7c1a2ef69970e94fed5f2c8359dda4dc54f57a58caaffcd5820031dcc4922bcf02f0ebd3284863e9b47f485a525036cec41e49fedfc977797f1b0a9ed39bc537250f35ad5f931da5fa0a01e5451527f932a3f2c7f79d6ca2e748498eca0d1694bf447fd1ba111d999ad1ea37096072b3035c9af3b5ea8cb372b4bee4201f6f7919d1ba0e51e19431dd9b4353b17ab5f4c5968bc33ba36f8c08b7c87aa266e70a68a2cf3b272c9ba52e145215fbbfb524c22a741112b7d55d2821a6bb59cc1dc720f25b9589fed6275bce9447d07f6b1abaeca80f2c75e8393819d5ebbdc9c0f1a39e943c20e908858e9195ca1808ab6e512afdc7d0b53eb2b71e3e2c8ad658770dd4dc6805610b691589e93241cf7d14595e8bca00b278d3ac85ee104d336da3a5233b81fc7e6ff6f0cc9bbbee91fb57f3597952720c5d88065c44fa98399a721d090fc631a3691c0428d050c88923dccd1517e2ba68bc3668a39ac3b7b57ad3b5bea94e4fde9c027408d1f4942c42289b73769792e18b06f96ce2004e170a5f764778487d467c5ea4e13f40f3173e024613f14edeb599264f1450202b666b9f24ecb62aba23cde22e0f7e45266e3b76660162ebcb2b52c85d6410e07427431e58a2570824d956ca43aa56a020fbc5d48e71b2f45f7e2c0359073434ceeca33ac9187abbf52d8942c9cbe2da287f87a80c4e2853caa7ccf78bccb07649a73b58f7ecd36cc5b65e5e461c8b39b33445cfa2fe29cacc1a4164e5873984bccc60a8d9f1ea9ecaee4302de5b26ac80b2d402aa25c6a381aa0a8215b20e142d428c80aa94aaf3b6bc947964b9603bc981fdda1bc9a0f7fb0cb153a4b8a9959526f4a15b91cfc8301773fd4bb41e03a5e59586c0fb451987479fdff6ca408642c7355084e5cf7ec0465712f5bffb79ae7f12dbb84e63117c00"/4212], 0x1074) r1 = accept4(0xffffffffffffff9c, &(0x7f00000002c0)=@nfc, &(0x7f0000000140)=0x80, 0x800) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0xa4001, 0x0) r2 = creat(0x0, 0x98) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x200, 0x2) write$apparmor_exec(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000065822f6365632301288de17cd359ffb3f7630a4c0a61b8999ca5cbc8d1ba62bdc36576821c6e58e25dd3409dce09768493cd10bc77281ec5f037f8ede266a24a7e5dd5774d33a68a00b39841cbf7852a891fa36ebc19c3a813363fc891c8e7ecca3f508c934eaada6d7c1d3cad883a305c5a7cd282f01858577f3921bcfefd30"], 0x1) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x7, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000016c0)={0x150, r4, 0x200, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8b29}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x26}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8ec8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x320}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffeffffffff}]}]}, 0x150}, 0x1, 0x0, 0x0, 0xc4}, 0x4) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 04:55:48 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) [ 199.941705] audit: type=1326 audit(1556168148.246:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7827 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 04:55:48 executing program 1: r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000000)="240000005a000900ff03f4f9002104000a04f5110c000100020100020800028001000000", 0x24) [ 200.067263] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 200.080292] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 200.086692] loop3: p1 p2 p3 p4 04:55:48 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) 04:55:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100), 0x4) [ 200.151775] nla_parse: 35 callbacks suppressed [ 200.151782] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 200.310740] ldm_validate_privheads(): Disk read failed. [ 200.316316] loop3: p1 p2 p3 p4 [ 200.345094] loop3: partition table partially beyond EOD, truncated [ 200.380800] loop3: p1 start 16 is beyond EOD, truncated [ 200.408842] audit: type=1326 audit(1556168148.706:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7798 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 [ 200.438485] loop3: p2 start 101 is beyond EOD, truncated [ 200.461642] loop3: p3 start 201 is beyond EOD, truncated 04:55:48 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10) syz_open_dev$sndpcmc(0x0, 0x0, 0x400) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000180)="4e9e1562147aab77cf5b1f5ac4bbddf3a1b17bfaae9d994913c869d8ee8f980aa5a5235655efc8422eedd5e7c53a51dffa6c4642e0e50f330037cb64b98eb991b2b33bcca6", 0x45, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0) [ 200.487427] loop3: p4 start 301 is beyond EOD, truncated 04:55:48 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:48 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) 04:55:49 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) [ 200.721202] ldm_validate_privheads(): Disk read failed. [ 200.726888] loop3: p1 p2 p3 p4 [ 200.741792] audit: type=1326 audit(1556168149.046:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7827 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45bbfa code=0xffff0000 04:55:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000003e00000000000000000000000000400000000000000000000000000000000000000000003800"/705], 0x2c1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee13071a5af0e17e267cc0bf8e310b695e5f3bf0f5e0a5ba3393a", 0xe4, 0x3, 0x0, 0x0) [ 200.746499] loop3: partition table partially beyond EOD, truncated [ 200.843804] loop3: p1 start 16 is beyond EOD, truncated [ 200.859441] loop3: p2 start 101 is beyond EOD, truncated [ 200.875701] loop3: p3 start 201 is beyond EOD, truncated [ 200.889642] loop3: p4 start 301 is beyond EOD, truncated 04:55:49 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:49 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) 04:55:49 executing program 0: 04:55:49 executing program 2: 04:55:49 executing program 4: 04:55:49 executing program 2: [ 201.550830] ldm_validate_privheads(): Disk read failed. [ 201.556984] loop3: p1 p2 p3 p4 [ 201.569486] loop3: partition table partially beyond EOD, truncated [ 201.584801] loop3: p1 start 16 is beyond EOD, truncated [ 201.597184] loop3: p2 start 101 is beyond EOD, truncated [ 201.609722] loop3: p3 start 201 is beyond EOD, truncated [ 201.621253] loop3: p4 start 301 is beyond EOD, truncated 04:55:51 executing program 1: 04:55:51 executing program 4: 04:55:51 executing program 0: 04:55:51 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:51 executing program 3: syz_read_part_table(0xe01f032b, 0x0, 0x0) 04:55:51 executing program 2: 04:55:51 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:51 executing program 1: 04:55:51 executing program 4: 04:55:51 executing program 0: 04:55:51 executing program 2: 04:55:51 executing program 3: syz_read_part_table(0xe01f032b, 0x0, 0x0) 04:55:51 executing program 1: 04:55:51 executing program 0: 04:55:51 executing program 4: 04:55:51 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:51 executing program 2: 04:55:51 executing program 1: 04:55:51 executing program 4: 04:55:51 executing program 3: syz_read_part_table(0xe01f032b, 0x0, 0x0) 04:55:51 executing program 0: 04:55:51 executing program 1: 04:55:51 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:51 executing program 2: 04:55:51 executing program 4: 04:55:51 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:51 executing program 0: 04:55:51 executing program 2: 04:55:51 executing program 1: 04:55:52 executing program 3: syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200)) 04:55:52 executing program 2: 04:55:52 executing program 1: 04:55:52 executing program 0: 04:55:52 executing program 4: 04:55:52 executing program 2: 04:55:52 executing program 3: syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200)) 04:55:52 executing program 2: 04:55:52 executing program 4: 04:55:52 executing program 1: 04:55:52 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:52 executing program 2: 04:55:52 executing program 0: 04:55:52 executing program 3: syz_read_part_table(0xe01f032b, 0x0, &(0x7f0000000200)) 04:55:52 executing program 2: 04:55:52 executing program 0: 04:55:52 executing program 2: 04:55:52 executing program 0: 04:55:52 executing program 1: 04:55:52 executing program 4: 04:55:52 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:52 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}]) 04:55:52 executing program 1: 04:55:53 executing program 2: 04:55:53 executing program 0: 04:55:53 executing program 4: 04:55:53 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:53 executing program 1: 04:55:53 executing program 2: 04:55:53 executing program 0: 04:55:53 executing program 4: 04:55:53 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x80005, 0x0) r1 = socket$unix(0x1, 0x1000000005, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r2 = dup2(r0, r1) sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0) 04:55:53 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}]) 04:55:53 executing program 0: syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x4800) 04:55:53 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20, &(0x7f0000000340)=ANY=[]) 04:55:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c1207849bd070") r1 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x12, &(0x7f0000dbb000), &(0x7f0000329000)=0x4) 04:55:53 executing program 5: rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:53 executing program 0: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:53 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x7f, 0x80043ae, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x3c) r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000180)="b85181fd1abd573b428d389638595cd14a89794c42a250525600e16daf1cfb8ec6dc544ff6ab19aa9f6993d4da7fd3524d7ca61e941d0c4ab9fdb981d0861fd34b9e3511feedea6a1d3d965f25ee873ca6f1d99ba2a0d9f10578f5876bfdd8037b6a8d51545eb8a1f8e6749b0bea1d05e250bfa27c8ba63e86757c906f43419969d69cd355e704852dded1864e81b024cd32577e367b8c80ab7eade2cf2e66376b423e06e02b266a1a8237951144963e623d7871dd2b37db2a576d5cacd4a2c45835fea48bdc87cda0826d559fb7573f433a36778f9db846415087e96b6c3ca4a47036f7057471cfa92eb7c34d9e6569874872c42da6ad21c136", 0x42, 0xfffffffffffffffc) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x10000, 0x0) write$cgroup_int(r1, &(0x7f0000000280)=0x5, 0x12) connect$bt_sco(r1, &(0x7f00000000c0)={0x1f, {0x7f, 0x20, 0x1d5, 0x5, 0x6, 0x3}}, 0x8) keyctl$assume_authority(0x10, r0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x80, 0x0) 04:55:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x10008001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x276, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @perf_bp={&(0x7f0000001080)}, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2000003, 0x200) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x101200, 0x0) ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f0000000180)=@null) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x8000}, 0x1c) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) getegid() ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) 04:55:53 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}]) 04:55:53 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x3, r0}) write$FUSE_BMAP(r0, 0x0, 0x10) ioctl$KDDELIO(r0, 0x4b35, 0x2) 04:55:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/btrfs-control\x00', 0x400, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[0x2, 0x3, 0x5, 0x101, 0x3, 0xd9, 0x80000001, 0x8000, 0x3, 0x369, 0x5, 0x3, 0x5, 0xfff, 0xc758, 0x8001], 0xf000, 0x8000}) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x800, 0x0) ioctl$SG_GET_ACCESS_COUNT(r4, 0x2289, &(0x7f0000000380)) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000140), &(0x7f0000000180)=0x4) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0xffffffffffffff33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x3, 0x0, 0x0, 0x2000, 0xff], 0x1f004}) setsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f00000001c0), 0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x6]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 205.420669] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 205.521534] relay: one or more items not logged [item size (56) > sub-buffer size (9)] 04:55:55 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x80005, 0x0) r1 = socket$unix(0x1, 0x1000000005, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r2 = dup2(r0, r1) sendto$inet6(r2, 0x0, 0xfffffffffffffd28, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000000), 0x2d4e6c0a512f87d, 0x0, 0x0) 04:55:55 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}]) 04:55:55 executing program 4: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x1a0}]) 04:55:55 executing program 0: r0 = socket$inet(0x15, 0x0, 0x6) syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') recvfrom$inet(r0, 0x0, 0x0, 0x1, 0x0, 0x0) 04:55:55 executing program 2: getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r0, 0x7) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0xfffffffffffffffe, 0x84) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vsock\x00', 0x400, 0x0) ioctl$CAPI_INSTALLED(r2, 0x80024322) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x3, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0c01faff", @ANYRES16=r4, @ANYBLOB="120027bd7000fbdbdf250a0000003c000300080007004e2200000800010000000000080004000000000008000800fe0000000800080007000000080001000000000008000100000000004c00010008000b007369700008000b007369700008000b007369700008000200970000000c0006006c626c63000000000800080008000000080009001f0000000c000700040000003f0000002c000200080002004e230000080002004e200000080009000400000008000400ffffff7f08000800060000001800020014000100000000000000000000000000000000002400030008000500ac1e010108000800ff000000080003000100000008000800c30000000800060001010000"], 0x10c}, 0x1, 0x0, 0x0, 0x11}, 0x4000) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r6) 04:55:55 executing program 5: rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet6_dccp_int(r2, 0x21, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x200, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000180)={{0x73, @remote, 0x4e20, 0x4, 'ovf\x00', 0x1, 0xffffffffffffff7d, 0x5a}, {@broadcast, 0x4e23, 0x2000, 0x3, 0x1, 0x6}}, 0x44) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {{}, 0x0, 0x4107, 0x0, {0x14, 0x18, {0x100, @bearer=@udp='udp:syz2\x00'}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080) ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x1, @null, @bpq0='bpq0\x00', 0x1f, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xffffffff, 0x2, [@null, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="014cda09ae1a416afd23ef0f94c18e00000018902b815fda000000000000040200"/45]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x8, 0x7fff}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 207.315533] Unknown ioctl -2147335390 [ 207.524368] Unknown ioctl -2147335390 04:55:55 executing program 0: r0 = timerfd_create(0x7, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x5}}, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, 0x1, {0x0, 0x6}}, 0x20) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000040)) timerfd_gettime(r0, &(0x7f0000003fe0)) 04:55:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f0000000280), 0x1, 0x0) flock(0xffffffffffffffff, 0x80000005) recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) getsockname$unix(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) getsockopt$inet6_dccp_buf(r1, 0x21, 0xce, &(0x7f0000000440)=""/228, &(0x7f0000000100)=0xe4) write$FUSE_ENTRY(r0, &(0x7f0000000380)={0x90, 0x0, 0x5, {0x0, 0x3, 0x5, 0x20, 0x0, 0x5b81, {0x4, 0x9, 0x0, 0x9, 0xb0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}}}, 0x90) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x1000000000004202, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) semget$private(0x0, 0x3, 0x82) sendfile(r0, r2, 0x0, 0x7fffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f0000000140)=0x8800, 0x8800000) writev(0xffffffffffffffff, &(0x7f00000023c0), 0x1000000000000252) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000000)={0x101ff, 0x0, &(0x7f0000ffc000/0x3000)=nil}) syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x0, 0x80000) 04:55:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f319bd070") r1 = socket$rxrpc(0x21, 0x2, 0x2) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000000)={0x1, @broadcast}) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8600003}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x20005000}, 0x8800) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000100)=0x1) bind$rxrpc(r1, &(0x7f00000002c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) 04:55:55 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}]) 04:55:56 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) r4 = socket$inet6(0xa, 0x3, 0x13ab) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd) [ 208.024169] overlayfs: missing 'lowerdir' [ 208.076809] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. [ 208.258000] overlayfs: missing 'lowerdir' [ 208.271470] overlayfs: failed to resolve './file1': -2 04:55:57 executing program 1: setresuid(0x0, 0xee01, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x6, 0xcd}) keyctl$clear(0x7, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) socket$can_raw(0x1d, 0x3, 0x1) 04:55:57 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x7fff) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000d0cffb)="e6558f1a", 0x4) r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x688, 0x0, 0x5b9c18e7}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e24, 0x80, @rand_addr="875d112fe34ac162a3df36c75df76a4d", 0x4}}}, 0x84) 04:55:57 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x1a0}]) 04:55:57 executing program 5: rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:57 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x845, 0x0) poll(&(0x7f0000000000)=[{r0, 0x2}, {r0}, {r0, 0x28}, {r0, 0x9008}, {r0}], 0x5, 0x3) 04:55:57 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) r4 = socket$inet6(0xa, 0x3, 0x13ab) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd) 04:55:57 executing program 2: r0 = socket$inet(0x2, 0x100000000805, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, &(0x7f0000000080)) fsetxattr$security_smack_entry(r0, &(0x7f00000000c0)='security.SMACK64EXEC\x00', &(0x7f0000000100)='cgroup\x00', 0x7, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4, 0x400000) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000040)) 04:55:57 executing program 4: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000480)='X{', 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000380)="7fd43f71da0164555cbe213ece9c83fed49e24d51bf2f636294b40863e585acac8d10a9e20b2574fd85b07dbe46d0d5edd7c5a7dd457d1008888a29b88399ae8f3105aeb7dc5571727dd18027ad3e18b391df921c211132084d8ceaa5870d73772bb3d7e95681e4cb8f9ca357def4519b2bc0552638d6a9395ab0088726cfd0bea061e3856c1f5310e4d40e6cb", 0xfffffffffffffff9, 0xfffffffffffffffd) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000004c0)={0x0, 0xfb, 0xd0, 0x2, 0x80, "959d050f824503fb8756a40ae15ab48e", "c17d6e9a4bd7d3b6e76601a3f276f1f66f0c90e9c873fafaeb9c9285f87b890e084c063035f0feaa911ea60c840846049c9b7f409ebf68f09964921fe645b7fb1bd3c5f8e1b88dbfb7996f3cdc33c455f43436ed0ed4ed50aefdfbdac4e3ca306a5ba439cedb2bde4a39b3b762db8a001830fa5ffddec3a28938fab36c8d950f36461dc923b3405a7b0729711321ae35f53aaf06806f6f41eddfcf023370f5f7a144f6773b98a356243492764c27e0329f8b9a821c42439bfe4e7e"}, 0xd0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, 0x0) 04:55:57 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='sgroup.procr\x00\xdb\xde+\xde\xab\x923\xd0\xce\xcaX\x1fT\xc6\xed\xf4\xa4\x19z\xd1i\xf5\xdb\xccM\xee\x18\rb\x17\xb8G\x936\xaaoL\x1d\x84\xb8\xb7\x1buLx\xf1\x90\n\b\xacX?\r\xba\xf2', 0x2, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) sendfile(r2, r1, 0x0, 0x63) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x10080, 0x0) syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x59f, 0x80) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x420200, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f00000000c0)=0xfffffffffffffeb9) prctl$PR_SVE_GET_VL(0x33, 0x17faf) read(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) utime(0x0, 0x0) chdir(&(0x7f0000000280)='./file0/../file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getrusage(0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000700)=ANY=[], 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000240)) socket$inet_smc(0x2b, 0x1, 0x0) 04:55:57 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}]) 04:55:57 executing program 4: syz_mount_image$xfs(&(0x7f0000000080)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@logbufs={'logbufs', 0x3d, 0x6}}]}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) membarrier(0x5, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000240)={{{@in=@empty, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000340)=0xe8) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x1000, &(0x7f0000000380)={'trans=unix,', {[{@uname={'uname', 0x3d, 'xfs\x00'}}, {@version_9p2000='version=9p2000'}, {@loose='loose'}, {@access_uid={'access', 0x3d, r0}}, {@access_client='access=client'}, {@msize={'msize'}}, {@version_L='version=9p2000.L'}, {@access_client='access=client'}], [{@obj_user={'obj_user', 0x3d, '},\x9d['}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@dont_hash='dont_hash'}, {@obj_type={'obj_type'}}, {@audit='audit'}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@uid_lt={'uid<', r1}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}}) 04:55:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0xfffffffffffffffd, 0x31, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x7ff, 0x10000) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0x3) r2 = socket$packet(0x11, 0x3, 0x300) accept4$nfc_llcp(r1, 0x0, &(0x7f0000000100), 0x0) setsockopt$packet_fanout(r2, 0x107, 0xe, &(0x7f0000000000), 0x4) [ 209.048728] overlayfs: missing 'lowerdir' 04:55:57 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) bind$netrom(r0, &(0x7f0000000080)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @null]}, 0x48) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000700)={'ip6tnl0\x00', @ifru_addrs=@in={0x2, 0x4e20}}) [ 209.132978] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. 04:55:57 executing program 4: r0 = socket$inet6(0xa, 0x80001, 0x0) r1 = socket$inet6(0xa, 0x6, 0x7fffffff) dup2(r0, r1) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000440)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}]}, 0x190) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000a83000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) 04:55:57 executing program 2: r0 = syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0x7, 0x4000) ioctl(r0, 0xffffffff00000000, &(0x7f0000000140)="0adc1f123c123f319bd070") r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000180)) sendfile(r1, r1, 0x0, 0x401) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f0000000080)=0x4) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000001280)=r2, 0xffffffffffffff2f) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x9}, 0x8) unshare(0x20000000) kexec_load(0x3, 0x2, &(0x7f0000001240)=[{&(0x7f00000001c0)="ab16d04a1193815da198c92fa0464f26f98bdd1328d09984982c2c8d0a66c1cc3b11d342f3f4798622e7335e88fbb8b266fe7eead0305cb245a287c94714bde8ab673c14b2", 0x45, 0xfff}, {&(0x7f0000000240)="e25a9e80ce481f29017a5883bc22d7e364bee54d2359890f5be69f75c3d1ac158c259a19d05a6f3c83b605670a0ec87265c3bb1ef62eb51e11173e424578659aefdd0c8c62c8a268862ab8a2ea533960e2cb641a641ef46c82347dcbe4d9f1fd65d7a5caf0f47631a4ca1b6e73808ea087f50cad4e58c92dca69ecd8d2fc97d77cf7292753a65e765ec325e256c939eebe9023a873e2054668c9439385ba63e18c38a415987c7e15117e90ffe1216f090ec4f980885c2e216e1b64f01d1b413c5a0ccd034fcc23e863b5e4b528aa5ed5ddc5fef8bd4c5b0a805681cb35836118b73d837b6d06542a36849434bb0113582b5c10dfa6d40666a4416e1569611faf13fa742677e6714e02d725328f55285a84c02bce05ab11e048f6e37ce8f226ca10f536a7a77694c4828f29abd3438e9162471336b23774348e552660910974f089013b02b3f87c20b1721833ec0d4c16c93bbe2a2dc1d06f8deb7e2c8e9bb7c70b49f6c519a33f1edada495deb0216c8cd3eaf54c7489b686daa48347bc98b52bc780235f055a01958a0a21b55523f3aafd1a9cd2f761954e2464df71d619759706e5834d09cdbcf8adfe5f932a10763a6d523c82bc4f96a077858b012c4840cab12dc55e1aa6de099f988129a188e3a25aca558d4d483d3ef320fce6759bfcb951b060144c7c0e797b443c4c5f0f3eea84bcbfb6505a226f550700abfb2c7866ad11380ebc3a6f4e5d57d2d5a1477eff9248ef583197f3a7ea31e745889e0066dad91c5529dd83d6d535da4492403fa0d04eab02dca5dc7220a8ae15d39410c7c337870e9f7dafcfdd66ae4493d70b0043c59155014a66a21a85b545069cf2e7168bc8c734cead1e9e56e3a4f667f1b86f096191ea3b39b04794f0d2e9718a2ed67587fae36841f1e73115342443cf0157896f964a673b13196e2e794bbec2f18bc5e0b96d1dfa07e9be8374b56c17924d588bd52c5095e0407aac9d2239e6c3b4c9f13bda1f69d3523e6cc31a0650c02b7bf2baeaad8384986d25a0f31ef0b324fd4f8fe324be19715156698a0477d5bb9c479e4490d29b1db48c97e28d180274d616378e41ab3a5854f512b2fbcd64b64519cdc19e515104ac69b499c51d1fcc728ddc1a701e2f06258471eb65fbecb6ba54e11ada85894ef1e9228aa3cbb38907f58b682f4944cb73f46e371916d688c131e44f05e7e3d6becd34668ec83ab7862d1fcc163a84246daebaa79c353ee9d36c138842c33c7cc61572d76318f11bd973e8fb367352a2e252250bc297bea019e0ab7236a137445d3a35cb634c6f2517a49f1e0c7252449c9cef4e0d1b66ad7e78bcc66416d8bfcc877d3021eccc21b9aa26192e3e3384d6495cce9ec6cabeaa0665c580a63487e576196bcf3218405edb0804ec430d8eba227ac4f6c9fdddb1d036f17872e27e40c32c72ffab7ecb4ed9416bf19970896d57a6a868b77554a158d28724e222bfd356216b03c67e827ba33464af97f0f985d60b3d8d7777ea11ffcb2447af1150030bfa0de81f4dad26de916d2953f0dd8b3e3821c99e506038ce55d58a8eae5bcc2fef8abf7fc3f7c0dfee2ebe54354bb9847e7be58e6a8396de6ea7bfce14b60ba33748a7f30008062885f10c29a872570aa7b31703e94fb6ec509ed7a8a40b50f835c92c9a5ae62728702921f67eade2a1ce0cc6638024c67cb5e974ae8ce809e1937c30f431e26635ad7b7382a53fa3717dd521da5bd5934b845142ee75d885a932de48bdad4036a4f9de17829d65ad199a5d2ac089a1afe5156f4fff5c6bad236e2997e845b3be7b4d54eb805ca0f1c578989a81f8c747140591f1d1d9fb360a89e09f2c7c3f55ed22f1f10844511c966037bbc3f1fa75368de1e824305e1f36c91a2e309c653991e2ffe2511062b66c860e75bddad9e4b513323fb461b55a1320c539dc032686704c9780c4d6f350eed2eb48142609018e918c701f58e1a56e2e3399054aed1172f8eeb5eec43a4a8d9e9d4494a9ca6ce74360769568aa5b79855b8eca8cf13542447fd81c7427ffbf3f4eeff3231c180b67860115dd3d6b17085cd5011b0651d648cc1408c2ea86b4892fa17fee055e89cdf04eb00f6b551648d0ee22f625598c46bad4a591583aaab4f565f75db720e217308f4ed6eaafe2d4fd9989f5a1564f0311d1a233f8f89c716b44fe85b42c7b41b16bb43029287ef5aa8566b3a2717d3d33c02566b03492c918a769eb1645cba2b398258029c736022f69d41440c57d4b6a34f5a2ea709a0bbfe41c0e4e4570836b62c4df6135e2ef85a9f47929b3261114cbb04ddf0d00cb998caf20b48f58f77189a384ba597249d6a1c696a1bc45f331246108deb7a09babbb00ff5cdcdca7408dc74ec746348b76bc9231d0a8fe546cc47762e3e8939b5ee9df2ac5cf9b17defe76784047ef49eecea3eae3fc063a15da465186c1d992fddb4f94b1e4c07df89a28cede9dbe0d3122b187e42de48aca29f7225675fcc95fe4d762bd01aa1b1e6388a0f2507073d18fb0ed74dfa10b39370dfcb98c6dffab6119aebc1e0c3887c06e8a3dea9c08a25f76e0fbf9d9f6b53410f3d39aa6441784d13c56fdf5ce7012460dec59676101c644aa21bb4f99ba36259b3d4361832cfff375c435eaec9b699151401deeb3939829dfccb982c57eebcf65d126ae7b7a07a2cbc04db8b812f6a5ab83d986f16ac5f8ee8691b24ae879cdf4a150b9b9f5aa93b11be83a37eb6554cf180570cab9ec477628fecfdc89a1ae39f533cc330124977c1685cc308421362ccd071958d52afd05b1361c2298a3d579c92f1aca91f2f4bcfc729d82ba352327f6e4e01d2bf3162ca624ddaf33d75e53095c2c5b41d5dc8be4cb7145015f82a18dc00b58482a71d8a7ff5619f33ad7a0a0a19fcf53c4a2dd058047371c4f043b57d094bac4bc8c10009256d84c80934900f273cbba123d7c4f85b7ca4575337c48e9e387323a7b0685d334a0a325a3ae38970e6cc709240bdb03d28019091d003b10285f1ca6f594cc13390cce3d9d8a59dc8f4a08922dee0c37fb3431331be89e401c58f0d0cb553d3d7afc78386d55e016929f98c4a11f34423465d31df9f7cbd752e913c9bee4769923a46cd1084f4fa21130aed5fa95bb99822b4f5e710f6fd82351ecf5adb12f3ca6d0fc447f0539cdd2a2e5845ba1850a2d8dbc4c289fc34b68f16c589996693265dea72b3e01efa7809bd82ce2730982cc1e2d0b2625993de79317e407ad24e31fde1978c2768a116b5a32274547a83317351879b327f88ffb7e8df7bf96c90bca6d0162a09afd3173829614413df4c1005f62655f61e6ceffa4ee7b9a11aa240081e43c9799f245b3437c19ad28083fee53042bd695feb90aefec87f6a8eb8c1f1bc716f5c69ca90fc3c02655a1b2c84bc0cd2cb7db74e5e531a97f7329e7d62eb0685226ff83348433ddd21d1243230bfb0ebe4649bf4777a465ed7ec2ca83dbfeabf8b9374b2d5a8fe9173f831a6175bf0dfe32586d2e65a4d8d8a5b75f3e6f01070ec442361e539d598fc16dfee7e4b9d7a1fff2eeb0bf4d68de62d233374515f77a40c9e08cf55e9c0009a57ea36a51340bfa461760624a782fa30b71c95f55bfdb451b696570e8c7bf502e22e113a40f4fa58f8d936a30753f3d067db465afd8fde37c57134a8d7172b4ac09669e7492249a978fed5eaf75bc30f762d2604436b0c868ce032a417abb078eed2b7901e176de1559fd9e0b6dede245276e49d19debdc77479e786eb49f64fc3932b32b5acb525da73163d4804c46663419a088515075c8cde8b1af53d6fbc2afafa06435abde6fd976bbc67e48d892e577d3af10b25c8ee0cda44ebd99f949d6ad13f507b908e447638c6736debbfb96536e33ecab888c24ec786e36f6c6b1ff5a72a04422f752824267547e14d4feab79d46cf244f7d0098150581219eda71477ad2833f1720ca1437619285ae4803e9247d7223c4b39f82891111062b55e9503e49ea420daa4e38cb76dde65607f5ad9c21ff87e54df5d50364fb4c0d0b200ab4211fc018db6c7b004b6d60b191dee6f3535afc0367a3f008926dc682f3a7a2ee09d5f5ce66196a5a6322582582c620cf9828aa3fd6836c547d022b3358a783e93625b4113c507430d065664263df7f39fb48dfb565f8f1ac3f9e8d18a4b27447902fda0c25c97cd9d902afdf8a5e6b03194a0dd35c0b59cba37d01b70e0d2d3cae7cae7585b37fbad90d6a442e4c5e5b8db1bfd8fa59d57374c9d8c806ec3d2142b60a476fd621a2e11edba20be881e0aeaf26b127a97168635268b372821a764d32b388eb7277135c64580ecb83af0765920ed38bd29fbc35f3057ddfee1b45155d55484a8686dcd69f9c62a049d0404fbad687310c3471a10ed9fd36f574f83a9b1e86133901cadaf2e27a303f955b1399c3ccb7e33bd1ea0b6efb087b148b069419a165ddaa14b01467f63a0f3d984a06894784fd7179e6de175a08b1d75b108d220337afba105cd0f5fb9a34eedee6c503ebd6ae841c08e791b003f94867831e91892e64cedca49a619c8ed1d8798afc3b609906fb20f185b227ce5c16fc2130b8ef29fbe43981825b250a84f1cb558c3976eafe9a05a52303b907c17791113a66e5b36e6f12bb798e3f2b488746a658be67d34d623c971f8e97cc05e38824086c0dafbf152ed048dff1e2c9ff546759577c77f74cbcfe3604edab3554ee57e0239d17010a662fa3dec5364424ff84df15de0b994d0dc0460c078196f0fa4591ea4cb05532a9b8835c29e7ed93bbc85eeb9b87ac4e064bfb91bdeb78ba68df53b1e397cb1b9d636fbab6fff2a092fe2959cd41e766bc26b740bce08a4d87828d143495bcc9e756cc351f50b54ef85a977270f80db21f0ba9dd011ca4e810fda6dede5752afd08a6999228eeaec9cc18021f82c1e6c60496a1d554331c0e24e80caa27a03605f4349ab35edee2caf24cb708e729650613badb5b4cd8d6d28f00a9e76c65e2f6a6b0b66679986fa73d9f1efcbdea41aaeb0489132f1a08f17758164e3304f263b3e47fe18f63808fcd331dcc819088ab8abd2ffedfe0f06add116cfdd2ff6b226c9697a32390a90e29f17b91ef6ec757f2f086be5b2746667b58f2685b52d3c2f2b9ce817f003779ea96c4211f522be96fb2037cfab0163e1ed7ce7d60dffbfab6ba4095c409a7f1ffaee263cb63688519169ec99a51a38b5ef5472a354c7c43d5bc219e105b0cb9c4159144540ca2e6af630c96c15c5ae8893781e85a9f9d78c11ee230e41b100fca9c07396c2932399dbf864a29ea375f230db2186d6d7331c75b061576480c90ae9d7c74f9fec7c463d5ba4b3e6c5493c3c47cfa73d2ca6ad3231a84fe8bb6c53edf4f574254b7b3752fcbc6961e2ee7e916b7a1e2fac80be4812e41f04ca191913b1e1fdea2c7017c1f06ecc750c342a2d8b2006c4fd410c3a07f70a71f0db5c3a0b8db9dbcafb574acd2381f3b19ba21c05fc6c8c66ff30f8be47972d39ba0dbf73f6fad21769d44eba33b51dd48c9ba7167af1d10a508fdedb121998ab56cb3a44f85fcd5abbbee16f91b4929589d7001e8c3e3ec19cb7f46f2f22deca1abc9405327d3da2d4858367ca9b77f6aa112e2ba5c49b7373e7ee535ab059a88077e77f14a532f8002388a3ab0e86fb1adf505aa40a61dd31870895af64943f35741c89a9636e3d9359d4b66c42e2b2074c98fd0c5d0b68d3d313737bf46934bea4d3aeb7c7b5f04bb1560f33c4f3d0cb69faccd34dc6d41b05a0eb1f4a53", 0x1000, 0x80000000, 0x2}], 0x140000) 04:55:57 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:57 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/version\x00Z\xa2\xac\x00\x00\xb8\xb5\xa2\x8a)\xae\xcb\xf8C8ZQ%\x03\x98\xce\x12\xd9\x84\xf5*\x14\x9e\xaf\x98f\xf3\xc38(\xfes\xd4\xf3\x19R\x8b\xbd\x89\xfc\xef\xb6%\xad\xacF\xdfu\"\xeb\xb2<\x98\xadi\xbd\xc8%\t\xdfoCy\x17\x02\x00\x00\x00\xca\x02\x98\x89\x05\xb6r\xc3\xa2\r\x10\xf8\x90\xb9\xf5w$4\v8N\xcaa6\xea\xe4\xfdJ\x01^\a0v\xb8\xf1\xcd\xe4^\xea\x0f\x0f\f<\xa6N\xbd\xd0\xce\xfc\r\x9e\x8e\xa9\x1d\v\xbb\xa5\x00'/160, 0x2, 0x0) write$FUSE_STATFS(r0, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x7, {{0x4, 0x401, 0x0, 0x1, 0x8, 0x4f, 0x9, 0x8}}}, 0x60) pread64(r0, 0x0, 0x0, 0x800003) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000180)="c06632eedd773bc12ee21acafcddb24d7913d6b1462553ca97540dcae42bbdd0052594da471a759504ac14d8a977ad7d1cc4a924e2ca1a98608b603bc6830f7f5f021b378222a7e6d1e6fbaaecf1c04541f83afc74bc8f3227a170a7b0c9aa2146ce16fd6dc956fd0a99c6418101fff9439dd344663c9925c467464cc8c8e37544df4f52956e16067c3751d2c392e4d468093bb3316e91eaf47fd1c8638d8f1bb7a1933827fd7164179061fff6eafeccf770bbd9ffb075f039c1d668343ef4b163bfa589f0036b11c41c708fc1509412e5f46075b5bc2c3859dfc2e3832f32949fbed2d06430e197ca90e50b977de50028f4d33c03509b35a6ca1b1d53ca", &(0x7f0000000280)=""/108}, 0x18) 04:55:57 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x1ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@rand_addr="623ad882c0d98a0d7ed2fa6843dd3c22", 0x0, 0x0, 0x0, 0x4}, 0x20) ptrace$setopts(0x4206, r2, 0x0, 0x0) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) tkill(r2, 0x1) 04:55:57 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) r4 = socket$inet6(0xa, 0x3, 0x13ab) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd) 04:55:57 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}]) 04:55:57 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000bfcffc), &(0x7f0000000240)=0xffffffffffffff3a) 04:55:58 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) poll(&(0x7f0000002880)=[{r0}], 0x200000000000002b, 0xc4) r1 = socket$packet(0x11, 0x2, 0x300) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r2 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x5, 0x2000301000) openat$cgroup_procs(r2, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) socketpair(0x15, 0x80007, 0x9, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000000080)=0x28787e4f, 0x4) 04:55:58 executing program 4: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000040)="240000001a0025f0001b000400edfc0e1c0b0020e80000001009ffeb0800010000000100", 0x24) r1 = syz_genetlink_get_family_id$ipvs(0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x1, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000180)={{0x0, 0x1000, 0x0, 0x0, 0x40, 0x7, 0x2, 0x4, 0x20, 0xfdc, 0x6, 0x6}, {0x2, 0x100000, 0xd, 0x36, 0x1, 0x0, 0xffffffff, 0x8, 0x6, 0x8, 0x0, 0xa2b}, {0x0, 0x10d004, 0x0, 0x8, 0xe8f5, 0x700000000000, 0x7, 0xc967, 0x7b5e, 0x92f8, 0x1, 0x2}, {0x6006, 0x103001, 0x4, 0xbc3, 0x6, 0x5, 0x7, 0x5, 0x4, 0x5, 0x401, 0x4}, {0x10d000, 0x5004, 0x1f, 0x6, 0x9, 0x4, 0x200, 0x7fffffff, 0x5, 0x30000000, 0xc4, 0x6}, {0x10f000, 0x6000, 0xf, 0x1, 0x0, 0x141bfcb5, 0x1, 0x80000000, 0x1, 0xff, 0x9, 0x803}, {0xf000, 0x7002, 0x8, 0x8f20, 0x800, 0x200, 0x80, 0x0, 0x1e, 0x0, 0x8, 0x80}, {0x7000, 0x1, 0xf, 0x6, 0x4, 0x4, 0x4, 0x673, 0x0, 0x49, 0x5, 0xf2}, {0x6000, 0x1000}, {0x10000, 0x10000}, 0x20000000, 0x0, 0xf005, 0x200000, 0x6, 0x1900, 0x0, [0x9, 0x7, 0x0, 0xffffffff]}) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r1, 0x303, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffffd}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3f}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x8000) [ 209.711621] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 209.731247] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable 04:55:58 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e515320000000002008801260010000000640000000001", 0x30, 0x1a0}]) 04:55:58 executing program 4: unshare(0x24020400) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f00000000c0)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000100)={0x0, r1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000040)={0x8001}, 0x4) statx(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x800, &(0x7f0000000180)) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r3) [ 209.845411] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8302 comm=syz-executor.4 04:55:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x3102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x8) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) connect$packet(r2, &(0x7f00000001c0)={0x11, 0xf7, r3, 0x1, 0x3f, 0x6, @dev={[], 0x19}}, 0x14) tkill(r1, 0x2a) ptrace$poke(0x4, r1, &(0x7f0000000200), 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$cont(0x20, r1, 0x1, 0x6) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x1, 0x3, 0x65}) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x20000000000004fe, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 04:55:58 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}]) [ 210.002962] overlayfs: missing 'lowerdir' [ 210.015684] overlayfs: failed to resolve './file1': -2 [ 210.169220] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. 04:55:58 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:55:58 executing program 4: r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x9c, r1, 0xd00, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x32}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2a}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x4}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4040}, 0x4000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4, 0x81) getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) ftruncate(r0, 0x0) [ 210.592615] audit: type=1400 audit(1556168158.896:54): avc: denied { map } for pid=8332 comm="syz-executor.4" path=2F6D656D66643A620A202864656C6574656429 dev="hugetlbfs" ino=30179 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 04:56:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}, @icmp=@address_reply}}}}, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x4, 0x503080) ioctl$TIOCSCTTY(r2, 0x540e, 0x7ff) recvmmsg(r1, &(0x7f0000005e40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc1}}], 0x1, 0x0, 0x0) ioctl$SIOCGSTAMPNS(r1, 0x8906, 0x0) 04:56:01 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}]) 04:56:01 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) r4 = socket$inet6(0xa, 0x3, 0x13ab) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0xfffffffffffffefd) 04:56:01 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x80002, 0x0) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000400)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000540)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000640)=0xe8) getgroups(0x1, &(0x7f0000000680)=[0xee01]) setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f00000006c0)={{}, {0x1, 0x5}, [{0x2, 0x0, r2}, {0x2, 0x2, r3}, {0x2, 0x3, r4}, {0x2, 0x3, r5}], {0x4, 0x4}, [{0x8, 0x3, r6}], {0x10, 0x1}, {0x20, 0x3}}, 0x4c, 0x2) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x50, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) 04:56:01 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:01 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900", 0x48, 0x1a0}]) 04:56:01 executing program 2: clone(0x2103001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7fff, 0x80) ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000040)=0x1) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f6000008000000070000006043110000000090bd60000e9d597a000000000700000000385a58e40200"], 0x3e) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x9, 0x8, &(0x7f0000000080)=0x8}) [ 212.863485] overlayfs: missing 'lowerdir' [ 212.873756] overlayfs: failed to resolve './file1': -2 [ 212.886818] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. 04:56:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000240)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) [ 212.911914] SELinux: failed to load policy 04:56:01 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}}) readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) fcntl$setstatus(r0, 0x4, 0x4400) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10) pwritev(r0, &(0x7f0000000280), 0x300, 0x0) 04:56:01 executing program 4: bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x100, 0x0) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000340)=0x1, &(0x7f0000000380)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000400)={0x1, 0x0, @ioapic={0xf004, 0x0, 0x9, 0x101, 0x0, [{0xfffffffffffffc00, 0x6, 0x5, [], 0x10001}, {0x0, 0x1ff, 0x8, [], 0x5}, {0x0, 0x4, 0xfffffffffffff2e3, [], 0x80}, {0x5, 0x2, 0x5, [], 0x8000}, {0x4, 0x81, 0x4, [], 0x7}, {0xffffffff, 0x548cb9fc, 0x7fff, [], 0x45}, {0x1, 0x0, 0x1, [], 0x3309a8f3}, {0x6, 0x6, 0x9, [], 0xffff}, {0x0, 0xfffffffffffffffb, 0x7, [], 0x8000}, {0xfffffffffffffff7, 0x9, 0xffffffffffff8000, [], 0x1f}, {0x20, 0x8001, 0x101, [], 0x7}, {0x0, 0x4, 0x0, [], 0x8}, {0x9, 0x0, 0x8, [], 0x3}, {0x6, 0x7f, 0x183, [], 0x7}, {0x1, 0x6, 0x100, [], 0x9}, {0xfffffffffffffffe, 0x62, 0x1}, {0xfff, 0x1, 0x8, [], 0x8001}, {0x1, 0x1, 0x5, [], 0x100}, {0x1, 0x0, 0x1, [], 0x477}, {0x3, 0x9ab5, 0x3, [], 0x10000}, {0x400, 0x81, 0x1, [], 0x7ff}, {0xffffffffffffffe1, 0x20, 0x0, [], 0x6}, {0xf56f, 0x0, 0x3f, [], 0x8}, {0x2b, 0x3}]}}) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2000000000002) r1 = syz_open_procfs(0x0, &(0x7f0000000540)='mountinfo\x00') openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000200)={0xc0000000, 0x1, "aabeeef54b1e39d23cb25fa987119dba58afd924881e6b3f70438b24f1865bee", 0x8, 0x0, 0x2d, 0x7fffffff, 0x5, 0x100000000, 0x0, 0x80, [0xeaa2, 0x0, 0x955, 0x5]}) ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f0000000040)={[], 0x2, 0xd1, 0x100000000, 0x0, 0x1, 0x3000, 0x10000, [], 0x5d}) 04:56:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x8000, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x50000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'eql\x00', 0x2}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x48002, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f00000000c0)={0x0, 0xb2dc, 0x0, 0x1}) ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000080)=0x9) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x8923, &(0x7f0000000180)={'eql\x00', @ifru_flags=0x3301}) [ 213.036214] mmap: syz-executor.4 (8383) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. 04:56:01 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}]) 04:56:01 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) socket$inet6(0xa, 0x3, 0x13ab) 04:56:01 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}}) readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) fcntl$setstatus(r0, 0x4, 0x4400) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10) pwritev(r0, &(0x7f0000000280), 0x300, 0x0) [ 213.169935] : renamed from eql 04:56:01 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}]) 04:56:01 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x103, 0xffffffffffffffff, {0x3, 0x3, 0x7e, 0x5}}) readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) fcntl$setstatus(r0, 0x4, 0x4400) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@hopopts={0x3f, 0x0, [], [@pad1]}, 0x10) pwritev(r0, &(0x7f0000000280), 0x300, 0x0) 04:56:01 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:01 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r0 = gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000040)=r0) r2 = socket$inet(0x10, 0x2000000000000003, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="2e0000009d76ffe2000000249da07352cbae1a0000000000", @ANYRES32=0x0, @ANYRES16=r2], 0x1e) r3 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x5, 0x40000) getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000300), &(0x7f0000000340)=0x8) write$P9_RUNLINKAT(r3, &(0x7f0000000240)={0x7, 0x4d, 0x1}, 0x7) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x80000, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000003c0)={0x3, [0x20, 0x5, 0x9]}, &(0x7f0000000400)=0xa) setsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f00000002c0)=0xa, 0x4) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000140)=0x2) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00\x00\x00\x00\x00r\xed\x02\x00', @ifru_flags=0x2}) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) write$P9_RLOCK(r5, &(0x7f00000000c0)={0x8, 0x35, 0x2, 0x1}, 0x8) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000001c0)={'batadv0\x00', {0x2, 0x4e20, @multicast1}}) syz_open_dev$sndseq(&(0x7f0000000380)='/dev/snd/seq\x00', 0x0, 0x200000) 04:56:01 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c900000064000000000432004220", 0x54, 0x1a0}]) 04:56:01 executing program 1: mknod$loop(&(0x7f0000001440)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d764161ee6b626e0adc3dcb1c7c5ed0836e8fad4bcbee9c107719f7653ade2e71fd436686a5ddc955821773a0bcf6e259d50d9f78864da5c51f68b9858a06a50779bad0d9", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r1 = open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x0) name_to_handle_at(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)={0xfffffffffffffde8}, 0x0, 0x1000) 04:56:01 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:01 executing program 4: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e10f2287620300f32303030303f303537000000000000000000"], 0x1, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) keyctl$update(0x2, r0, 0x0, 0x0) 04:56:01 executing program 1: mkdir(&(0x7f000002b000)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x80000) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=0x0) mq_notify(r1, &(0x7f0000000140)={0x0, 0x9, 0x1, @tid=r2}) syslog(0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000700)='./file0\x00', 0x0, 0x20000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendfile(r0, r3, 0x0, 0x800000080000002) 04:56:01 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x9cca, 0x80) r0 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0xff, 0x10000) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f0000000200)=0x1c, 0x80000) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) write$rfkill(r2, &(0x7f0000000100)={0x3, 0x1, 0x2, 0x1}, 0x8) syz_open_dev$radio(&(0x7f0000000340)='/dev/radio#\x00', 0x0, 0x2) [ 213.610668] overlayfs: missing 'lowerdir' [ 213.629135] overlayfs: failed to resolve './file1': -2 [ 213.700633] encrypted_key: master key parameter '020000?057' is invalid [ 213.738371] audit: type=1400 audit(1556168162.036:55): avc: denied { sys_admin } for pid=8442 comm="syz-executor.2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 213.775291] encrypted_key: master key parameter '020000?057' is invalid [ 213.788532] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. 04:56:02 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000", 0x5a, 0x1a0}]) 04:56:02 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x98) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000240)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x4e20, 0x0, @local}}}, 0x38) 04:56:02 executing program 4: syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000080)=[{&(0x7f00000002c0)="cefaad1bb83c000000dc35c961021610a93fceb8d3f4900b073fb6564411efb238d333bc888706e315e2d44307c5c80d32f0240f0c82398c6702caa430234a223424eab01b4f537ff1889c69ae8b39631e88a829126fccd36237866f77c52cd3a9d39c58e7d8135c0f4f5f2bafb88baf95d7f64a31169a70df37fd36c5f06d2aeac897874ca3104b46fd91d23e0cb91fb4b46b9bc0e91fb85d42e3f33b7209761be9e2b3f43d5132cd92cc6880aee3329e0b442b03637bc4a6ffd61a55745b06978c28eed9f22d64034dd0dfb2fa02d3f7030b2b0904cd7cf0f3dbf4b73fb92900535bf0b82f1c9384554fcdf3bd63d0683da7cfbad67ada52c90a29abc6a326f9a894c9ce558ab251abb0293bb082a2ca813e00560ef321072272b7084906bdd36e404898da9ee1487e77b901f558ea12897ebf4dd078594251f78e7445ba9e4b2fd7e56d1e1bfa025b5aaf661fc358c1af964335681167f0ff6dc915f07ca47d61aeb8108f7a12c3900442834fc409e0f9fec162693b9bee5fb6974dc69146e97e39f413b45a71e761aa45240be5efea756e0b09137f652f8409b2c8cf393a0e8dd0c7f7c74c1fcf3a75a0d875d8a2ca72e0ad52d55d8fa56a144aa9c21515a4fbfdc9561d8d162762bb83dd7d36fc7b4a1290bd0a64317b9de3597496ef4cbd8339b02f3ef8953592ef281ba853abbb094b919d9d6c585a0bc57e3d4e4d09ebd2ec5bcf6c752ecc", 0x209}], 0x0, 0x24) r0 = open(&(0x7f0000000000)='./file0\x00', 0x400, 0x4) ioctl$NBD_DO_IT(r0, 0xab03) 04:56:02 executing program 0: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) socket$inet6(0xa, 0x3, 0x13ab) 04:56:02 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x9cca, 0x80) r0 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0xff, 0x10000) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002300)}, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4$rose(r0, &(0x7f00000001c0)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f0000000200)=0x1c, 0x80000) clone(0x3000000b8160102, 0x0, 0x0, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/248) r1 = socket$inet(0x10, 0x3, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', @ifru_flags}) write$rfkill(r2, &(0x7f0000000100)={0x3, 0x1, 0x2, 0x1}, 0x8) syz_open_dev$radio(&(0x7f0000000340)='/dev/radio#\x00', 0x0, 0x2) 04:56:02 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) [ 213.981910] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 213.999753] BFS-fs: bfs_fill_super(): Last block not available: 6593261 04:56:02 executing program 2: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) socket$inet6(0xa, 0x3, 0x13ab) 04:56:02 executing program 3: syz_read_part_table(0xe01f032b, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="009000f80704000000004c00000000000000000000000000e0e51532000000000200880126001000000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000", 0x5a, 0x1a0}]) 04:56:02 executing program 4: socketpair$unix(0x1, 0xfffffffffffffffb, 0x0, &(0x7f00000000c0)) getresgid(&(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x7ff, 0x10040) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000b00)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f0000000040)) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) r2 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x401, &(0x7f0000001400)=""/4096) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000040)) clock_gettime(0x0, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) syz_mount_image$btrfs(0x0, &(0x7f00000002c0)='./file1/file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="eaa22aa0e8a7134d36131999bacfecc0e2e6e6e8d1a9debc82ab5e54b3a5fcdb336a5fdd42447b33467e8a82b05edcc15e3365886ec69602ef68cfb9f6186f26337a8b481e37d955b96aa84fb80157a2da40a50ce965a77cf32b6d041db3f83835f723878578ef71cee4671987bc5e5c7f2ee03dbfacd780ea34082cc07e2ca1fffc254679bd05472ad6db8b2c564f0838468ca287da64bb48120671958f6995b15f21ce90a2e69b0b26ea5c5efbe49b8e0361ffc66717ac5d47160ccc9b2bec48"]) syz_mount_image$ntfs(&(0x7f00000003c0)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000200)={@bcast, @default, @null, 0x7, 0x8ab, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]}) mount$overlay(0x400006, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x74000000, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf9fdffff00000000}) socket$inet6(0xa, 0x3, 0x13ab) 04:56:02 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:02 executing program 1: r0 = socket$inet6(0xa, 0x10400000000001, 0xffffffffffffffff) close(r0) r1 = socket$netlink(0x10, 0x3, 0x400000000000a) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$setstatus(r1, 0x4, 0x2000) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80003f000002) 04:56:02 executing program 5: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x4000000000000016, &(0x7f00000004c0)) ptrace(0x4206, r0) rt_tgsigqueueinfo(r0, r0, 0x12, &(0x7f0000001180)={0x0, 0x0, 0xffffbfffffffc58a}) wait4(0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x6100000a, 0x0) 04:56:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KDSKBLED(r1, 0x4b65, 0x2) r2 = getpgid(0x0) perf_event_open(&(0x7f0000000300)={0x7, 0x70, 0x100000001, 0x6, 0xe37, 0x3, 0x0, 0x3, 0x4, 0xc, 0x9000000000, 0xffffffff, 0x7, 0x5, 0x5, 0xfffffffffffffff8, 0x5, 0x1, 0x200, 0x4, 0x0, 0x401, 0xd335, 0x9, 0x0, 0x10000, 0x2f, 0x9f, 0x1, 0xda05, 0x386b, 0x9, 0x2, 0x2, 0xfc, 0x3, 0x80, 0x2ce, 0x0, 0x8001, 0x4, @perf_config_ext={0x7, 0xffffffffffffff7f}, 0x1000, 0x8, 0x6, 0x5, 0x6, 0x6, 0x1f}, r2, 0x6, r1, 0x2) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000240)={0x0, 0x10}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r3, 0x0, 0x30}, 0xc) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0) connect$unix(r4, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mkdir(&(0x7f00000012c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffdfffff, @perf_config_ext={0xffffffffffffffff}, 0xa00000000, 0x0, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSISO7816(r4, 0xc0285443, &(0x7f00000001c0)={0x4, 0x4, 0x800, 0x800, 0x4}) ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000200)=0x1) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 214.256298] overlayfs: missing 'lowerdir' [ 214.275011] audit: type=1400 audit(1556168162.576:56): avc: denied { create } for pid=8504 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 214.291397] overlayfs: failed to resolve './file1': -2 [ 214.339113] overlayfs: missing 'lowerdir' [ 214.347095] overlayfs: failed to resolve './file1': -2 04:56:02 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, 0x0) open(0x0, 0x400, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) mkdir(&(0x7f0000001c40)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x34040006) ftruncate(r1, 0x39) dup2(r0, r1) msgget(0xffffffffffffffff, 0x0) [ 214.425473] overlayfs: missing 'lowerdir' [ 214.436653] overlayfs: failed to resolve './file1': -2 [ 427.991325] INFO: task syz-executor.5:7069 blocked for more than 140 seconds. [ 427.998728] Not tainted 4.14.113 #3 [ 428.003418] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.011465] syz-executor.5 D24992 7069 1 0x00000004 [ 428.017233] Call Trace: [ 428.019823] __schedule+0x7be/0x1cf0 [ 428.023645] ? __mutex_lock+0x737/0x1470 [ 428.027745] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.032903] schedule+0x92/0x1c0 [ 428.036365] schedule_preempt_disabled+0x13/0x20 [ 428.041432] __mutex_lock+0x73c/0x1470 [ 428.045335] ? trace_hardirqs_on+0x10/0x10 [ 428.049724] ? lo_release+0x84/0x1b0 [ 428.053534] ? save_trace+0x280/0x290 [ 428.057342] ? mutex_trylock+0x1c0/0x1c0 [ 428.061485] ? __blkdev_put+0x397/0x7f0 [ 428.066223] ? find_held_lock+0x35/0x130 [ 428.070475] ? __blkdev_put+0x397/0x7f0 [ 428.074463] ? loop_clr_fd+0xae0/0xae0 [ 428.078350] mutex_lock_nested+0x16/0x20 [ 428.082513] ? mutex_lock_nested+0x16/0x20 [ 428.086775] lo_release+0x84/0x1b0 [ 428.090396] ? loop_clr_fd+0xae0/0xae0 [ 428.094353] __blkdev_put+0x436/0x7f0 [ 428.098160] ? bd_set_size+0xb0/0xb0 [ 428.102025] ? wait_for_completion+0x420/0x420 [ 428.106694] blkdev_put+0x88/0x510 [ 428.110329] ? fcntl_setlk+0xb90/0xb90 [ 428.114241] ? blkdev_put+0x510/0x510 [ 428.118093] blkdev_close+0x8b/0xb0 [ 428.121946] __fput+0x277/0x7a0 [ 428.125811] ____fput+0x16/0x20 [ 428.129101] task_work_run+0x119/0x190 [ 428.133103] exit_to_usermode_loop+0x1da/0x220 [ 428.137717] do_syscall_64+0x4a9/0x630 [ 428.142424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.147309] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.152616] RIP: 0033:0x412b30 [ 428.155897] RSP: 002b:00007ffcb4c50128 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 428.163686] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000412b30 [ 428.171035] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003 [ 428.178368] RBP: 0000000000000092 R08: 0000000000000000 R09: 000000000000000a [ 428.185731] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.193059] R13: 00007ffcb4c50160 R14: 00000000000344ab R15: 00007ffcb4c50170 [ 428.200471] INFO: task syz-executor.1:7073 blocked for more than 140 seconds. [ 428.207750] Not tainted 4.14.113 #3 [ 428.211964] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.219957] syz-executor.1 D24992 7073 1 0x00000004 [ 428.225801] Call Trace: [ 428.228403] __schedule+0x7be/0x1cf0 [ 428.232280] ? __mutex_lock+0x737/0x1470 [ 428.236352] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.241462] schedule+0x92/0x1c0 [ 428.244934] schedule_preempt_disabled+0x13/0x20 [ 428.249694] __mutex_lock+0x73c/0x1470 [ 428.253666] ? __mutex_unlock_slowpath+0x71/0x800 [ 428.258622] ? __blkdev_get+0x145/0x1120 [ 428.262783] ? mutex_trylock+0x1c0/0x1c0 [ 428.267019] ? exact_match+0xd/0x20 [ 428.270702] ? kobj_lookup+0x319/0x410 [ 428.274597] ? blkdev_ioctl+0x1880/0x1880 [ 428.278744] mutex_lock_nested+0x16/0x20 [ 428.282869] ? mutex_lock_nested+0x16/0x20 [ 428.287108] __blkdev_get+0x145/0x1120 [ 428.291082] ? __blkdev_put+0x7f0/0x7f0 [ 428.295072] ? bd_acquire+0x178/0x2c0 [ 428.298866] ? find_held_lock+0x35/0x130 [ 428.303027] blkdev_get+0xa8/0x8e0 [ 428.306597] ? bd_may_claim+0xd0/0xd0 [ 428.310497] ? _raw_spin_unlock+0x2d/0x50 [ 428.314661] blkdev_open+0x1d1/0x260 [ 428.318372] ? security_file_open+0x8f/0x1a0 [ 428.322873] do_dentry_open+0x73e/0xeb0 [ 428.326876] ? bd_acquire+0x2c0/0x2c0 [ 428.330759] vfs_open+0x105/0x230 [ 428.334227] path_openat+0x8bd/0x3f70 [ 428.338028] ? trace_hardirqs_on+0x10/0x10 [ 428.342352] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 428.347096] ? find_held_lock+0x35/0x130 [ 428.351280] ? __alloc_fd+0x1d4/0x4a0 [ 428.355718] do_filp_open+0x18e/0x250 [ 428.359624] ? may_open_dev+0xe0/0xe0 [ 428.363506] ? _raw_spin_unlock+0x2d/0x50 [ 428.367700] ? __alloc_fd+0x1d4/0x4a0 [ 428.371574] do_sys_open+0x2c5/0x430 [ 428.375297] ? filp_open+0x70/0x70 [ 428.378823] SyS_open+0x2d/0x40 [ 428.382193] ? do_sys_open+0x430/0x430 [ 428.386088] do_syscall_64+0x1eb/0x630 [ 428.389965] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.394966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.400214] RIP: 0033:0x412d10 [ 428.403399] RSP: 002b:00007ffc292eb888 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 428.411182] RAX: ffffffffffffffda RBX: 0000000000034593 RCX: 0000000000412d10 [ 428.418525] RDX: 00007ffc292eb91a RSI: 0000000000000002 RDI: 00007ffc292eb910 [ 428.425898] RBP: 000000000000009e R08: 0000000000000000 R09: 000000000000000a [ 428.433234] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.440579] R13: 00007ffc292eb8c0 R14: 0000000000034571 R15: 00007ffc292eb8d0 [ 428.448024] INFO: task syz-executor.0:8494 blocked for more than 140 seconds. [ 428.455553] Not tainted 4.14.113 #3 [ 428.459699] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.467750] syz-executor.0 D29344 8494 7068 0x00000004 [ 428.473507] Call Trace: [ 428.476100] __schedule+0x7be/0x1cf0 [ 428.479797] ? __mutex_lock+0x737/0x1470 [ 428.484050] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.489136] schedule+0x92/0x1c0 [ 428.492559] schedule_preempt_disabled+0x13/0x20 [ 428.497313] __mutex_lock+0x73c/0x1470 [ 428.501259] ? blkdev_put+0x2b/0x510 [ 428.504979] ? loop_probe+0x160/0x160 [ 428.508764] ? mutex_trylock+0x1c0/0x1c0 [ 428.512962] ? blkdev_ioctl+0x10e/0x1880 [ 428.517026] ? fsnotify+0x933/0x11e0 [ 428.520805] ? blkdev_put+0x510/0x510 [ 428.524611] mutex_lock_nested+0x16/0x20 [ 428.528650] ? mutex_lock_nested+0x16/0x20 [ 428.532945] blkdev_put+0x2b/0x510 [ 428.536548] ? fcntl_setlk+0xb90/0xb90 [ 428.540490] ? blkdev_put+0x510/0x510 [ 428.544297] blkdev_close+0x8b/0xb0 [ 428.547991] __fput+0x277/0x7a0 [ 428.551378] ____fput+0x16/0x20 [ 428.554667] task_work_run+0x119/0x190 [ 428.558547] exit_to_usermode_loop+0x1da/0x220 [ 428.563247] do_syscall_64+0x4a9/0x630 [ 428.567134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.572016] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.577305] RIP: 0033:0x412b51 [ 428.580528] RSP: 002b:00007f78c436ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 428.588235] RAX: 0000000000000000 RBX: 00007f78c436d6d4 RCX: 0000000000412b51 [ 428.595581] RDX: 0000000000000008 RSI: 0000000000004c00 RDI: 0000000000000009 [ 428.602876] RBP: 0000000000000009 R08: 0000000000000000 R09: 000000000000000a [ 428.610189] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000008 [ 428.617459] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff [ 428.624829] INFO: task syz-executor.2:8501 blocked for more than 140 seconds. [ 428.632179] Not tainted 4.14.113 #3 [ 428.636318] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.644480] syz-executor.2 D28304 8501 7072 0x00000004 [ 428.650148] Call Trace: [ 428.652725] __schedule+0x7be/0x1cf0 [ 428.656523] ? __mutex_lock+0x737/0x1470 [ 428.660636] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.665655] schedule+0x92/0x1c0 [ 428.669000] schedule_preempt_disabled+0x13/0x20 [ 428.673788] __mutex_lock+0x73c/0x1470 [ 428.677680] ? lo_ioctl+0x87/0x1c70 [ 428.681341] ? lock_downgrade+0x6d0/0x6e0 [ 428.685498] ? mutex_trylock+0x1c0/0x1c0 [ 428.689665] ? avc_has_extended_perms+0x8ec/0xe40 [ 428.694546] ? putname+0xdb/0x120 [ 428.698001] ? avc_ss_reset+0x110/0x110 [ 428.702151] ? kasan_slab_free+0x75/0xc0 [ 428.706262] mutex_lock_nested+0x16/0x20 [ 428.710396] ? mutex_lock_nested+0x16/0x20 [ 428.714688] lo_ioctl+0x87/0x1c70 [ 428.718127] ? loop_probe+0x160/0x160 [ 428.721968] blkdev_ioctl+0x983/0x1880 [ 428.725855] ? blkpg_ioctl+0x980/0x980 [ 428.729788] ? __might_sleep+0x93/0xb0 [ 428.733771] ? __fget+0x210/0x370 [ 428.737254] block_ioctl+0xde/0x120 [ 428.741081] ? blkdev_fallocate+0x3b0/0x3b0 [ 428.745407] do_vfs_ioctl+0x7b9/0x1070 [ 428.749277] ? selinux_file_mprotect+0x5d0/0x5d0 [ 428.754077] ? lock_downgrade+0x6e0/0x6e0 [ 428.758226] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.762666] ? __fget+0x237/0x370 [ 428.766125] ? security_file_ioctl+0x8f/0xc0 [ 428.770592] SyS_ioctl+0x8f/0xc0 [ 428.773969] ? do_vfs_ioctl+0x1070/0x1070 [ 428.778117] do_syscall_64+0x1eb/0x630 [ 428.782038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.786934] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.792164] RIP: 0033:0x458c07 [ 428.795350] RSP: 002b:00007f5f7d267a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.803133] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458c07 [ 428.810427] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 428.817689] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 428.825002] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 428.832299] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff [ 428.839576] INFO: task syz-executor.3:8490 blocked for more than 140 seconds. [ 428.846905] Not tainted 4.14.113 #3 [ 428.851056] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.859015] syz-executor.3 D26960 8490 7071 0x00000004 [ 428.864694] Call Trace: [ 428.867272] __schedule+0x7be/0x1cf0 [ 428.871149] ? __mutex_lock+0x737/0x1470 [ 428.875210] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.880276] schedule+0x92/0x1c0 [ 428.883721] schedule_preempt_disabled+0x13/0x20 [ 428.888462] __mutex_lock+0x73c/0x1470 [ 428.892404] ? blkdev_reread_part+0x1f/0x40 [ 428.896724] ? mutex_trylock+0x1c0/0x1c0 [ 428.900844] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 428.905947] ? __wake_up_common_lock+0xe3/0x160 [ 428.910699] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 428.915814] mutex_lock_nested+0x16/0x20 [ 428.919873] ? mutex_lock_nested+0x16/0x20 [ 428.924193] blkdev_reread_part+0x1f/0x40 [ 428.928365] loop_reread_partitions+0x7c/0x90 [ 428.932913] loop_clr_fd+0x844/0xae0 [ 428.936632] lo_ioctl+0x8d0/0x1c70 [ 428.940319] ? __check_object_size+0x12a/0x2ab [ 428.944913] ? loop_probe+0x160/0x160 [ 428.948704] blkdev_ioctl+0x983/0x1880 [ 428.952660] ? blkpg_ioctl+0x980/0x980 [ 428.956551] ? lock_downgrade+0x6e0/0x6e0 [ 428.960760] ? __might_sleep+0x93/0xb0 [ 428.964645] ? __fget+0x210/0x370 [ 428.968094] block_ioctl+0xde/0x120 [ 428.971794] ? blkdev_fallocate+0x3b0/0x3b0 [ 428.976171] do_vfs_ioctl+0x7b9/0x1070 [ 428.980140] ? selinux_file_mprotect+0x5d0/0x5d0 [ 428.984894] ? lock_downgrade+0x6e0/0x6e0 [ 428.989027] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.993508] ? __fget+0x237/0x370 [ 428.997090] ? security_file_ioctl+0x8f/0xc0 [ 429.001571] SyS_ioctl+0x8f/0xc0 [ 429.004985] ? do_vfs_ioctl+0x1070/0x1070 [ 429.009132] do_syscall_64+0x1eb/0x630 [ 429.013091] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.017980] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.023331] RIP: 0033:0x458c07 [ 429.026526] RSP: 002b:00007f975c5539f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.034354] RAX: ffffffffffffffda RBX: 00007f975c5546d4 RCX: 0000000000458c07 [ 429.041673] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004 [ 429.048949] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000c [ 429.056288] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000003 [ 429.063604] R13: 0000000000000000 R14: 0000000000000004 R15: 0000000000000004 [ 429.070963] INFO: task blkid:8495 blocked for more than 140 seconds. [ 429.077455] Not tainted 4.14.113 #3 [ 429.081645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.089796] blkid D28512 8495 7032 0x00000004 [ 429.095514] Call Trace: [ 429.098110] __schedule+0x7be/0x1cf0 [ 429.101875] ? __mutex_lock+0x737/0x1470 [ 429.105934] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.111487] schedule+0x92/0x1c0 [ 429.114846] schedule_preempt_disabled+0x13/0x20 [ 429.119595] __mutex_lock+0x73c/0x1470 [ 429.123565] ? lo_release+0x1e/0x1b0 [ 429.127290] ? mutex_trylock+0x1c0/0x1c0 [ 429.131416] ? blkdev_put+0x7b/0x510 [ 429.135205] ? blkdev_put+0x7b/0x510 [ 429.138908] ? loop_clr_fd+0xae0/0xae0 [ 429.142938] mutex_lock_nested+0x16/0x20 [ 429.147003] ? mutex_lock_nested+0x16/0x20 [ 429.151301] lo_release+0x1e/0x1b0 [ 429.154850] ? loop_clr_fd+0xae0/0xae0 [ 429.158721] __blkdev_put+0x436/0x7f0 [ 429.162595] ? bd_set_size+0xb0/0xb0 [ 429.166382] ? wait_for_completion+0x420/0x420 [ 429.171026] blkdev_put+0x88/0x510 [ 429.174599] ? fcntl_setlk+0xb90/0xb90 [ 429.178470] ? blkdev_put+0x510/0x510 [ 429.182355] blkdev_close+0x8b/0xb0 [ 429.185986] __fput+0x277/0x7a0 [ 429.189260] ____fput+0x16/0x20 [ 429.192597] task_work_run+0x119/0x190 [ 429.196491] exit_to_usermode_loop+0x1da/0x220 [ 429.201143] do_syscall_64+0x4a9/0x630 [ 429.205032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.210138] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.215335] RIP: 0033:0x7fbc7e9382b0 [ 429.219288] RSP: 002b:00007ffd055ad058 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 429.227108] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbc7e9382b0 [ 429.234474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 429.241786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 429.249048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001796030 [ 429.256357] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005 [ 429.263675] INFO: task syz-executor.4:8505 blocked for more than 140 seconds. [ 429.271288] Not tainted 4.14.113 #3 [ 429.275431] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.283422] syz-executor.4 D28256 8505 7070 0x00000004 [ 429.295251] Call Trace: [ 429.297835] __schedule+0x7be/0x1cf0 [ 429.301570] ? __mutex_lock+0x737/0x1470 [ 429.305628] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.310705] schedule+0x92/0x1c0 [ 429.314469] schedule_preempt_disabled+0x13/0x20 [ 429.319203] __mutex_lock+0x73c/0x1470 [ 429.323141] ? lo_ioctl+0x87/0x1c70 [ 429.326770] ? lock_downgrade+0x6d0/0x6e0 [ 429.330965] ? mutex_trylock+0x1c0/0x1c0 [ 429.335224] ? avc_has_extended_perms+0x8ec/0xe40 [ 429.340117] ? is_bpf_text_address+0xa6/0x120 [ 429.344614] ? kernel_text_address+0x73/0xf0 [ 429.349011] ? __unwind_start+0x1f6/0x3d0 [ 429.353214] ? avc_ss_reset+0x110/0x110 [ 429.357194] mutex_lock_nested+0x16/0x20 [ 429.361277] ? mutex_lock_nested+0x16/0x20 [ 429.365511] lo_ioctl+0x87/0x1c70 [ 429.369011] ? retint_kernel+0x2d/0x2d [ 429.372958] ? loop_probe+0x160/0x160 [ 429.376829] blkdev_ioctl+0x983/0x1880 [ 429.380749] ? blkpg_ioctl+0x980/0x980 [ 429.384701] ? check_preemption_disabled+0x3c/0x250 [ 429.389770] ? retint_kernel+0x2d/0x2d [ 429.393703] block_ioctl+0xde/0x120 [ 429.397330] ? blkdev_fallocate+0x3b0/0x3b0 [ 429.401676] do_vfs_ioctl+0x7b9/0x1070 [ 429.405572] ? selinux_file_mprotect+0x5d0/0x5d0 [ 429.410373] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 429.415140] ? ioctl_preallocate+0x1c0/0x1c0 [ 429.419532] ? check_preemption_disabled+0x3c/0x250 [ 429.424695] ? retint_kernel+0x2d/0x2d [ 429.428603] ? security_file_ioctl+0x8f/0xc0 [ 429.433233] SyS_ioctl+0x8f/0xc0 [ 429.436609] ? do_vfs_ioctl+0x1070/0x1070 [ 429.440813] do_syscall_64+0x1eb/0x630 [ 429.444704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.449599] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.454869] RIP: 0033:0x458c07 [ 429.458126] RSP: 002b:00007fb9e23ada88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.465908] RAX: ffffffffffffffda RBX: 00007fb9e23adb40 RCX: 0000000000458c07 [ 429.473334] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000007 [ 429.480676] RBP: 0000000000000000 R08: 00007fb9e23adb40 R09: 00007fb9e23adae0 [ 429.488003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 429.495378] R13: 00000000004c7833 R14: 00000000004dd848 R15: 00000000ffffffff [ 429.503399] INFO: task syz-executor.4:8512 blocked for more than 140 seconds. [ 429.510801] Not tainted 4.14.113 #3 [ 429.514957] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.523024] syz-executor.4 D29152 8512 7070 0x00000004 [ 429.528865] Call Trace: [ 429.531515] __schedule+0x7be/0x1cf0 [ 429.535233] ? __mutex_lock+0x737/0x1470 [ 429.539293] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.544421] schedule+0x92/0x1c0 [ 429.547863] schedule_preempt_disabled+0x13/0x20 [ 429.552761] __mutex_lock+0x73c/0x1470 [ 429.556699] ? lo_open+0x1d/0xb0 [ 429.560134] ? refcount_inc_not_zero+0x50/0xe0 [ 429.564736] ? mutex_trylock+0x1c0/0x1c0 [ 429.568866] ? exact_match+0xd/0x20 [ 429.572593] ? kobj_lookup+0x319/0x410 [ 429.576486] ? loop_unregister_transfer+0x90/0x90 [ 429.581390] mutex_lock_nested+0x16/0x20 [ 429.585458] ? mutex_lock_nested+0x16/0x20 [ 429.589681] lo_open+0x1d/0xb0 [ 429.593029] __blkdev_get+0xab1/0x1120 [ 429.596917] ? __blkdev_put+0x7f0/0x7f0 [ 429.600957] ? bd_acquire+0x178/0x2c0 [ 429.604775] ? find_held_lock+0x35/0x130 [ 429.608836] blkdev_get+0xa8/0x8e0 [ 429.612463] ? bd_may_claim+0xd0/0xd0 [ 429.616277] ? _raw_spin_unlock+0x2d/0x50 [ 429.620483] blkdev_open+0x1d1/0x260 [ 429.624214] ? security_file_open+0x8f/0x1a0 [ 429.628655] do_dentry_open+0x73e/0xeb0 [ 429.632697] ? bd_acquire+0x2c0/0x2c0 [ 429.636511] vfs_open+0x105/0x230 [ 429.640146] path_openat+0x8bd/0x3f70 [ 429.643961] ? trace_hardirqs_on+0x10/0x10 [ 429.648255] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 429.653109] ? find_held_lock+0x35/0x130 [ 429.657175] ? __alloc_fd+0x1d4/0x4a0 [ 429.661023] do_filp_open+0x18e/0x250 [ 429.664823] ? may_open_dev+0xe0/0xe0 [ 429.668735] ? _raw_spin_unlock+0x2d/0x50 [ 429.673161] ? __alloc_fd+0x1d4/0x4a0 [ 429.676977] do_sys_open+0x2c5/0x430 [ 429.680740] ? filp_open+0x70/0x70 [ 429.684288] ? do_sys_ftruncate.constprop.0+0x370/0x490 [ 429.689661] SyS_open+0x2d/0x40 [ 429.693041] ? do_sys_open+0x430/0x430 [ 429.696982] do_syscall_64+0x1eb/0x630 [ 429.701036] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.705966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.711239] RIP: 0033:0x412d31 [ 429.714425] RSP: 002b:00007fb9e238ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 429.722225] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412d31 [ 429.729565] RDX: 00007fb9e238cb0a RSI: 0000000000000002 RDI: 00007fb9e238cb00 [ 429.737024] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 429.744346] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000008 [ 429.751683] R13: 00000000004c7975 R14: 00000000004dd9b0 R15: 00000000ffffffff [ 429.758986] INFO: task blkid:8502 blocked for more than 140 seconds. [ 429.765544] Not tainted 4.14.113 #3 [ 429.769784] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.777844] blkid D28496 8502 7195 0x00000004 [ 429.783572] Call Trace: [ 429.786264] __schedule+0x7be/0x1cf0 [ 429.789966] ? __mutex_lock+0x737/0x1470 [ 429.794118] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.799152] schedule+0x92/0x1c0 [ 429.802579] schedule_preempt_disabled+0x13/0x20 [ 429.807355] __mutex_lock+0x73c/0x1470 [ 429.811315] ? lo_ioctl+0x87/0x1c70 [ 429.814950] ? lock_downgrade+0x6d0/0x6e0 [ 429.819095] ? mutex_trylock+0x1c0/0x1c0 [ 429.823282] ? avc_has_extended_perms+0x8ec/0xe40 [ 429.828250] ? __might_fault+0x110/0x1d0 [ 429.832432] ? avc_ss_reset+0x110/0x110 [ 429.836434] mutex_lock_nested+0x16/0x20 [ 429.840581] ? mutex_lock_nested+0x16/0x20 [ 429.844834] lo_ioctl+0x87/0x1c70 [ 429.848286] ? loop_probe+0x160/0x160 [ 429.852158] blkdev_ioctl+0x983/0x1880 [ 429.856049] ? blkpg_ioctl+0x980/0x980 [ 429.859950] ? __might_sleep+0x93/0xb0 [ 429.863951] ? save_trace+0x290/0x290 [ 429.867791] block_ioctl+0xde/0x120 [ 429.871516] ? blkdev_fallocate+0x3b0/0x3b0 [ 429.875869] do_vfs_ioctl+0x7b9/0x1070 [ 429.879789] ? selinux_file_mprotect+0x5d0/0x5d0 [ 429.884630] ? ioctl_preallocate+0x1c0/0x1c0 [ 429.889048] ? lock_downgrade+0x6e0/0x6e0 [ 429.893281] ? security_file_ioctl+0x83/0xc0 [ 429.897696] ? security_file_ioctl+0x8f/0xc0 [ 429.902190] SyS_ioctl+0x8f/0xc0 [ 429.905558] ? do_vfs_ioctl+0x1070/0x1070 [ 429.909699] do_syscall_64+0x1eb/0x630 [ 429.913645] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.918502] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.923750] RIP: 0033:0x7fc8a67bc347 [ 429.927460] RSP: 002b:00007ffea3e2b5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.935298] RAX: ffffffffffffffda RBX: 0000000002312030 RCX: 00007fc8a67bc347 [ 429.942612] RDX: 0000000000000000 RSI: 0000000000005331 RDI: 0000000000000003 [ 429.949888] RBP: 0000000000000003 R08: 00007fc8a6a6c5a0 R09: 0000000000000008 [ 429.957344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 429.964666] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005 [ 429.972021] INFO: task blkid:8507 blocked for more than 140 seconds. [ 429.978515] Not tainted 4.14.113 #3 [ 429.982705] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.990723] blkid D28512 8507 7278 0x00000004 [ 429.996367] Call Trace: [ 429.998952] __schedule+0x7be/0x1cf0 [ 430.002747] ? __mutex_lock+0x737/0x1470 [ 430.006855] ? pci_mmcfg_check_reserved+0x150/0x150 [ 430.011929] schedule+0x92/0x1c0 [ 430.015398] schedule_preempt_disabled+0x13/0x20 [ 430.020221] __mutex_lock+0x73c/0x1470 [ 430.024133] ? trace_hardirqs_on+0x10/0x10 [ 430.028367] ? lo_release+0x1e/0x1b0 [ 430.032165] ? save_trace+0x280/0x290 [ 430.035964] ? mutex_trylock+0x1c0/0x1c0 [ 430.040109] ? __blkdev_put+0x397/0x7f0 [ 430.044101] ? find_held_lock+0x35/0x130 [ 430.048159] ? __blkdev_put+0x397/0x7f0 [ 430.052221] ? loop_clr_fd+0xae0/0xae0 [ 430.056122] mutex_lock_nested+0x16/0x20 [ 430.060278] ? mutex_lock_nested+0x16/0x20 [ 430.064563] lo_release+0x1e/0x1b0 [ 430.068097] ? loop_clr_fd+0xae0/0xae0 [ 430.072161] __blkdev_put+0x436/0x7f0 [ 430.075966] ? bd_set_size+0xb0/0xb0 [ 430.079666] ? wait_for_completion+0x420/0x420 [ 430.084321] blkdev_put+0x88/0x510 [ 430.087866] ? fcntl_setlk+0xb90/0xb90 [ 430.091890] ? blkdev_put+0x510/0x510 [ 430.095699] blkdev_close+0x8b/0xb0 [ 430.099324] __fput+0x277/0x7a0 [ 430.102689] ____fput+0x16/0x20 [ 430.105974] task_work_run+0x119/0x190 [ 430.109853] exit_to_usermode_loop+0x1da/0x220 [ 430.114527] do_syscall_64+0x4a9/0x630 [ 430.118508] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 430.123482] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 430.128721] RIP: 0033:0x7efd8c8882b0 [ 430.132482] RSP: 002b:00007ffe51131498 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 430.140251] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efd8c8882b0 [ 430.147543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 430.155035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 430.162370] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000155d030 [ 430.169729] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005 [ 430.177172] [ 430.177172] Showing all locks held in the system: [ 430.183614] 1 lock held by khungtaskd/1007: [ 430.188061] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 430.197227] 2 locks held by getty/7024: [ 430.201334] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.210160] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.219572] 2 locks held by getty/7025: [ 430.223781] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.232541] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.241916] 2 locks held by getty/7026: [ 430.245887] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.254703] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.271377] 2 locks held by getty/7027: [ 430.275336] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.284101] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.293475] 2 locks held by getty/7028: [ 430.297435] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.306205] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.315611] 2 locks held by getty/7029: [ 430.319573] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.328334] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.337887] 2 locks held by getty/7030: [ 430.341939] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.350860] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.360287] 3 locks held by syz-executor.5/7069: [ 430.365138] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_put+0xa6/0x7f0 [ 430.373716] #1: (loop_index_mutex){+.+.}, at: [] lo_release+0x1e/0x1b0 [ 430.382247] #2: (loop_ctl_mutex#2){+.+.}, at: [] lo_release+0x84/0x1b0 [ 430.390768] 1 lock held by syz-executor.1/7073: [ 430.395506] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.404281] 1 lock held by syz-executor.0/8494: [ 430.408950] #0: (&bdev->bd_mutex){+.+.}, at: [] blkdev_put+0x2b/0x510 [ 430.417391] 1 lock held by syz-executor.2/8501: [ 430.422114] #0: (loop_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1c70 [ 430.430546] 2 locks held by syz-executor.3/8490: [ 430.435309] #0: (loop_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1c70 [ 430.443702] #1: (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40 [ 430.452732] 2 locks held by blkid/8495: [ 430.456703] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_put+0xa6/0x7f0 [ 430.465299] #1: (loop_index_mutex){+.+.}, at: [] lo_release+0x1e/0x1b0 [ 430.473904] 1 lock held by syz-executor.4/8505: [ 430.478629] #0: (loop_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1c70 [ 430.487044] 2 locks held by syz-executor.4/8512: [ 430.491995] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.500950] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.509281] 1 lock held by blkid/8502: [ 430.513233] #0: (loop_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1c70 [ 430.521712] 2 locks held by blkid/8507: [ 430.525732] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_put+0xa6/0x7f0 [ 430.534537] #1: (loop_index_mutex){+.+.}, at: [] lo_release+0x1e/0x1b0 [ 430.543103] 1 lock held by blkid/8515: [ 430.547055] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.556231] 2 locks held by blkid/8516: [ 430.560246] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.568946] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.577109] 1 lock held by blkid/8517: [ 430.581105] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.589805] [ 430.591525] ============================================= [ 430.591525] [ 430.598602] NMI backtrace for cpu 1 [ 430.602315] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3 [ 430.608891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.618240] Call Trace: [ 430.620842] dump_stack+0x138/0x19c [ 430.624479] nmi_cpu_backtrace.cold+0x57/0x94 [ 430.628987] ? irq_force_complete_move.cold+0x7d/0x7d [ 430.634189] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 430.639462] arch_trigger_cpumask_backtrace+0x14/0x20 [ 430.644668] watchdog+0x5e7/0xb90 [ 430.648141] kthread+0x31c/0x430 [ 430.651511] ? hungtask_pm_notify+0x60/0x60 [ 430.655819] ? kthread_create_on_node+0xd0/0xd0 [ 430.660572] ret_from_fork+0x3a/0x50 [ 430.664449] Sending NMI from CPU 1 to CPUs 0: [ 430.669322] NMI backtrace for cpu 0 [ 430.669326] CPU: 0 PID: 2300 Comm: kworker/u4:5 Not tainted 4.14.113 #3 [ 430.669331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.669334] Workqueue: bat_events batadv_purge_orig [ 430.669339] task: ffff8880a1abe540 task.stack: ffff8880a1ad0000 [ 430.669342] RIP: 0010:__lock_acquire+0x203/0x45e0 [ 430.669345] RSP: 0018:ffff8880a1ad7a30 EFLAGS: 00000046 [ 430.669350] RAX: ffffffff88d33700 RBX: 0000000000000000 RCX: 0000000000000000 [ 430.669354] RDX: 1ffff1100cc5d000 RSI: 0000000000000000 RDI: ffff8880662e8000 [ 430.669357] RBP: ffff8880a1ad7bd8 R08: 0000000000000001 R09: 0000000000000000 [ 430.669361] R10: 0000000000000000 R11: ffff8880a1abe540 R12: ffff8880662e7ff8 [ 430.669364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 430.669368] FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 430.669371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 430.669375] CR2: 00007fcc6b7f3000 CR3: 00000000a5b13000 CR4: 00000000001406f0 [ 430.669378] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 430.669382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 430.669384] Call Trace: [ 430.669386] ? save_trace+0x290/0x290 [ 430.669389] ? lock_downgrade+0x6e0/0x6e0 [ 430.669392] ? trace_hardirqs_on+0x10/0x10 [ 430.669394] ? trace_hardirqs_on+0x10/0x10 [ 430.669397] ? save_trace+0x290/0x290 [ 430.669399] ? debug_object_deactivate+0x1cc/0x350 [ 430.669402] ? _batadv_purge_orig+0x9cc/0xf70 [ 430.669405] ? find_held_lock+0x35/0x130 [ 430.669407] lock_acquire+0x16f/0x430 [ 430.669410] ? _batadv_purge_orig+0x11e/0xf70 [ 430.669412] _raw_spin_lock_bh+0x33/0x50 [ 430.669415] ? _batadv_purge_orig+0x11e/0xf70 [ 430.669418] _batadv_purge_orig+0x11e/0xf70 [ 430.669421] ? check_preemption_disabled+0x3c/0x250 [ 430.669423] batadv_purge_orig+0x1b/0x70 [ 430.669426] process_one_work+0x868/0x1610 [ 430.669429] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 430.669431] worker_thread+0x5d9/0x1050 [ 430.669433] kthread+0x31c/0x430 [ 430.669436] ? process_one_work+0x1610/0x1610 [ 430.669439] ? kthread_create_on_node+0xd0/0xd0 [ 430.669441] ret_from_fork+0x3a/0x50 [ 430.669443] Code: ff ff ff 48 b8 00 00 00 00 00 fc ff df 41 89 f5 4b 8d 7c ec 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 63 2e 00 00 4b 8b 44 ec 08 <48> 85 c0 0f 84 15 ff ff ff f0 ff 80 38 01 00 00 49 8d b3 78 08 [ 430.670641] Kernel panic - not syncing: hung_task: blocked tasks [ 430.903579] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3 [ 430.910143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.919511] Call Trace: [ 430.922098] dump_stack+0x138/0x19c [ 430.925727] panic+0x1f2/0x438 [ 430.928905] ? add_taint.cold+0x16/0x16 [ 430.932861] ? ___preempt_schedule+0x16/0x18 [ 430.937258] watchdog+0x5f8/0xb90 [ 430.940703] kthread+0x31c/0x430 [ 430.944054] ? hungtask_pm_notify+0x60/0x60 [ 430.948363] ? kthread_create_on_node+0xd0/0xd0 [ 430.953020] ret_from_fork+0x3a/0x50 [ 430.957813] Kernel Offset: disabled [ 430.961445] Rebooting in 86400 seconds..