[ 52.509951][ T26] audit: type=1800 audit(1573141277.373:26): pid=7875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 52.543706][ T26] audit: type=1800 audit(1573141277.373:27): pid=7875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ 52.565888][ T26] audit: type=1800 audit(1573141277.373:28): pid=7875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 53.449820][ T26] audit: type=1800 audit(1573141278.343:29): pid=7875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. 2019/11/07 15:41:26 fuzzer started 2019/11/07 15:41:28 dialing manager at 10.128.0.105:38105 2019/11/07 15:41:28 syscalls: 2553 2019/11/07 15:41:28 code coverage: enabled 2019/11/07 15:41:28 comparison tracing: enabled 2019/11/07 15:41:28 extra coverage: extra coverage is not supported by the kernel 2019/11/07 15:41:28 setuid sandbox: enabled 2019/11/07 15:41:28 namespace sandbox: enabled 2019/11/07 15:41:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/07 15:41:28 fault injection: enabled 2019/11/07 15:41:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/07 15:41:28 net packet injection: enabled 2019/11/07 15:41:28 net device setup: enabled 2019/11/07 15:41:28 concurrency sanitizer: enabled 2019/11/07 15:41:28 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 66.229230][ T8048] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/07 15:41:31 adding functions to KCSAN blacklist: 'tomoyo_supervisor' 'generic_permission' 'ktime_get_real_seconds' 'generic_fillattr' 'taskstats_exit' 'ep_poll' 'tcp_add_backlog' 'run_timer_softirq' 'blk_mq_run_hw_queue' 'ext4_nonda_switch' 'find_next_bit' 'common_perm_cond' 'poll_schedule_timeout' '__hrtimer_run_queues' 'ext4_free_inode' 'pipe_poll' 15:41:38 executing program 0: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800030800000000a9030000000000000000000008000100575aff9fefebf9ae20f36b6744254ffe2e4173a0380144abbbb4bc94819c7fdd68561939066d757a3cc10ed9abb13edfc987bdd028d9a5605d1b73d76ea549e2012287087c9acc53ec20b742f7", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0) [ 73.977028][ T8050] IPVS: ftp: loaded support on port[0] = 21 15:41:38 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 74.076712][ T8050] chnl_net:caif_netlink_parms(): no params data found [ 74.133115][ T8050] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.140372][ T8050] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.148418][ T8050] device bridge_slave_0 entered promiscuous mode [ 74.156326][ T8050] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.164947][ T8050] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.172929][ T8050] device bridge_slave_1 entered promiscuous mode [ 74.201486][ T8050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.212074][ T8050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 15:41:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) [ 74.243334][ T8050] team0: Port device team_slave_0 added [ 74.253298][ T8050] team0: Port device team_slave_1 added [ 74.264879][ T8053] IPVS: ftp: loaded support on port[0] = 21 [ 74.342478][ T8050] device hsr_slave_0 entered promiscuous mode [ 74.390222][ T8050] device hsr_slave_1 entered promiscuous mode [ 74.477827][ T8055] IPVS: ftp: loaded support on port[0] = 21 [ 74.554417][ T8050] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.561601][ T8050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.569026][ T8050] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.576157][ T8050] bridge0: port 1(bridge_slave_0) entered forwarding state 15:41:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xfffffdaf, &(0x7f0000000180)={&(0x7f0000000340)=@newae={0x5c, 0x1e, 0x701, 0x0, 0x0, {{}, @in6=@dev}, [@replay_esn_val={0x1c}]}, 0x5c}, 0x8}, 0x0) [ 74.823590][ T8053] chnl_net:caif_netlink_parms(): no params data found [ 74.881455][ T8050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.955312][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.990742][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.010697][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.051983][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 75.123124][ T8050] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.181795][ T8053] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.189020][ T8053] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.220868][ T8053] device bridge_slave_0 entered promiscuous mode [ 75.241066][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.261001][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.290959][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.298063][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.341385][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.371248][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.401213][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.408356][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.451606][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.509347][ T8085] IPVS: ftp: loaded support on port[0] = 21 [ 75.515507][ T8053] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.523173][ T8053] bridge0: port 2(bridge_slave_1) entered disabled state 15:41:40 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) [ 75.563688][ T8053] device bridge_slave_1 entered promiscuous mode [ 75.592215][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.611351][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.640707][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.670958][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.702316][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.742379][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.782227][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.802241][ T8055] chnl_net:caif_netlink_parms(): no params data found [ 75.825920][ T8050] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.862144][ T8050] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.889385][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.911100][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.919749][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.991536][ T8053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.048339][ T8088] IPVS: ftp: loaded support on port[0] = 21 [ 76.063194][ T8050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.094194][ T8053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.159253][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.168338][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.217219][ T8053] team0: Port device team_slave_0 added [ 76.226042][ T8053] team0: Port device team_slave_1 added 15:41:41 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) [ 76.332483][ T8053] device hsr_slave_0 entered promiscuous mode [ 76.360499][ T8053] device hsr_slave_1 entered promiscuous mode [ 76.399989][ T8053] debugfs: Directory 'hsr0' with parent '/' already present! [ 76.407703][ T8055] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.417197][ T8055] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.426325][ T8055] device bridge_slave_0 entered promiscuous mode [ 76.477280][ T8102] IPVS: ftp: loaded support on port[0] = 21 [ 76.505077][ T8055] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.512763][ T8055] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.522474][ T8055] device bridge_slave_1 entered promiscuous mode [ 76.712240][ T8055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.774942][ T8055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.828121][ T8053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.860969][ T8085] chnl_net:caif_netlink_parms(): no params data found 15:41:41 executing program 0: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800030800000000a9030000000000000000000008000100575aff9fefebf9ae20f36b6744254ffe2e4173a0380144abbbb4bc94819c7fdd68561939066d757a3cc10ed9abb13edfc987bdd028d9a5605d1b73d76ea549e2012287087c9acc53ec20b742f7", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0) [ 76.939502][ T8053] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.002670][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.020791][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.029407][ T8055] team0: Port device team_slave_0 added [ 77.060932][ T8088] chnl_net:caif_netlink_parms(): no params data found 15:41:42 executing program 0: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800030800000000a9030000000000000000000008000100575aff9fefebf9ae20f36b6744254ffe2e4173a0380144abbbb4bc94819c7fdd68561939066d757a3cc10ed9abb13edfc987bdd028d9a5605d1b73d76ea549e2012287087c9acc53ec20b742f7", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0) [ 77.104303][ T8055] team0: Port device team_slave_1 added [ 77.212428][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.230596][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.283660][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.290774][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.331100][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.393660][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.408076][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.429571][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.436721][ T2855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.467537][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.532379][ T8055] device hsr_slave_0 entered promiscuous mode [ 77.560441][ T8055] device hsr_slave_1 entered promiscuous mode [ 77.603843][ T8055] debugfs: Directory 'hsr0' with parent '/' already present! [ 77.616568][ T8085] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.641387][ T8085] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.682222][ T8085] device bridge_slave_0 entered promiscuous mode [ 77.719968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 15:41:42 executing program 0: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000006800030800000000a9030000000000000000000008000100575aff9fefebf9ae20f36b6744254ffe2e4173a0380144abbbb4bc94819c7fdd68561939066d757a3cc10ed9abb13edfc987bdd028d9a5605d1b73d76ea549e2012287087c9acc53ec20b742f7", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0) [ 77.729064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.771765][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.810793][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.846563][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.871062][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.889356][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.913983][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.943650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.982084][ T8102] chnl_net:caif_netlink_parms(): no params data found [ 78.018041][ T8085] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.026293][ T8085] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.045973][ T8085] device bridge_slave_1 entered promiscuous mode [ 78.081903][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.094249][ T8088] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.110068][ T8088] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.128430][ T8088] device bridge_slave_0 entered promiscuous mode [ 78.163206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 15:41:43 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) [ 78.236244][ T8088] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.254661][ T8088] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.307888][ T8088] device bridge_slave_1 entered promiscuous mode [ 78.359079][ T8053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.405979][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.435773][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.498881][ T8085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.568262][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.583342][ T8102] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.628557][ T8102] device bridge_slave_0 entered promiscuous mode [ 78.665597][ T8085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.703112][ T8088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.735315][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.747327][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.791284][ T8102] device bridge_slave_1 entered promiscuous mode [ 78.858882][ T8085] team0: Port device team_slave_0 added [ 78.905468][ T8088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.937573][ T8085] team0: Port device team_slave_1 added [ 78.991762][ T8102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.029654][ T8055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.057530][ T8102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.067739][ C0] hrtimer: interrupt took 45232 ns 15:41:44 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 79.151334][ T8088] team0: Port device team_slave_0 added [ 79.164863][ T8055] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.201800][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.223075][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.250519][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 79.250544][ T26] audit: type=1804 audit(1573141304.143:31): pid=8165 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir594088680/syzkaller.hsJ5xa/4/file0" dev="sda1" ino=16519 res=1 [ 79.265850][ T8102] team0: Port device team_slave_0 added [ 79.325041][ T8088] team0: Port device team_slave_1 added 15:41:44 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:44 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) [ 79.382649][ T8085] device hsr_slave_0 entered promiscuous mode [ 79.414230][ T8085] device hsr_slave_1 entered promiscuous mode [ 79.461676][ T26] audit: type=1804 audit(1573141304.143:32): pid=8168 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir594088680/syzkaller.hsJ5xa/4/file0" dev="sda1" ino=16519 res=1 [ 79.579943][ T8085] debugfs: Directory 'hsr0' with parent '/' already present! [ 79.592609][ T8102] team0: Port device team_slave_1 added [ 79.599642][ T26] audit: type=1804 audit(1573141304.143:33): pid=8184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir594088680/syzkaller.hsJ5xa/4/file0" dev="sda1" ino=16519 res=1 15:41:44 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 79.666669][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.692098][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.737444][ T8139] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.744635][ T8139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.848756][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.874928][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.917329][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.961572][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.968661][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.031915][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.078482][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.125452][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.172282][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.226704][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.276726][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.317814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.358826][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.359280][ T26] audit: type=1804 audit(1573141305.253:34): pid=8200 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir594088680/syzkaller.hsJ5xa/5/file0" dev="sda1" ino=16527 res=1 [ 80.442561][ T8088] device hsr_slave_0 entered promiscuous mode [ 80.490659][ T8088] device hsr_slave_1 entered promiscuous mode [ 80.529977][ T8088] debugfs: Directory 'hsr0' with parent '/' already present! [ 80.561235][ T8055] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.644522][ T8055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.728465][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.794115][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.821130][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.012360][ T8102] device hsr_slave_0 entered promiscuous mode [ 81.039819][ T8102] device hsr_slave_1 entered promiscuous mode [ 81.110106][ T8102] debugfs: Directory 'hsr0' with parent '/' already present! [ 81.140885][ T8055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.206855][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.230513][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.328983][ T8085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.401839][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.460065][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.561748][ T8085] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.594988][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.650497][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.730226][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.737294][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.849031][ T8088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.941808][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.990164][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.999057][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.070262][ T8139] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.077482][ T8139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.210630][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.284357][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 82.426706][ T8088] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.481152][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.520573][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.588967][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.638678][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.713874][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 82.766949][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.834224][ T8146] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.938614][ T8278] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 83.134991][ T8278] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 83.306135][ T8278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.360937][ T8278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.500367][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.509028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.592562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.650544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.720324][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.727555][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.824280][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.880698][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.953961][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.961507][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.055016][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.134511][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.211362][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.271043][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.324734][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.400807][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.472044][ T8279] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 84.497069][ T8279] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 84.583550][ T8279] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.624216][ T8279] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.765027][ T8085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.800064][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.808035][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.871166][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.924922][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 15:41:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) [ 84.976636][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.016261][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.067539][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.130977][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.142553][ T8102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.180975][ T8088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.236418][ T8085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.260355][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.267886][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.300636][ T8298] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 85.410367][ T8298] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 85.489848][ T8298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.499061][ T8298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.632463][ T8102] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.643235][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.651954][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.659833][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.680547][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.691381][ T8088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.751670][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.761525][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.776861][ T8139] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.784224][ T8139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.792350][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.801247][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.809581][ T8139] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.816660][ T8139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.824450][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.833590][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.842603][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.851548][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.860337][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.868898][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.877629][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.886198][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.897406][ T8102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.908613][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.917049][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.925803][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.934771][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.943769][ T8139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.967870][ T8102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.009541][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 86.020954][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 15:41:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xfffffdaf, &(0x7f0000000180)={&(0x7f0000000340)=@newae={0x5c, 0x1e, 0x701, 0x0, 0x0, {{}, @in6=@dev}, [@replay_esn_val={0x1c}]}, 0x5c}, 0x8}, 0x0) 15:41:51 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:51 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:51 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) 15:41:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xfffffdaf, &(0x7f0000000180)={&(0x7f0000000340)=@newae={0x5c, 0x1e, 0x701, 0x0, 0x0, {{}, @in6=@dev}, [@replay_esn_val={0x1c}]}, 0x5c}, 0x8}, 0x0) 15:41:51 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) [ 86.405968][ T8344] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 86.508888][ T26] audit: type=1804 audit(1573141311.403:35): pid=8346 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir594088680/syzkaller.hsJ5xa/6/file0" dev="sda1" ino=16553 res=1 15:41:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xfffffdaf, &(0x7f0000000180)={&(0x7f0000000340)=@newae={0x5c, 0x1e, 0x701, 0x0, 0x0, {{}, @in6=@dev}, [@replay_esn_val={0x1c}]}, 0x5c}, 0x8}, 0x0) 15:41:51 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) [ 86.552910][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 86.646086][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 86.661889][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 15:41:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:51 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) 15:41:51 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) [ 87.041663][ T8381] netlink: 'syz-executor.2': attribute type 17 has an invalid length. 15:41:52 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:52 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) [ 87.204372][ T8381] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 87.347077][ T8381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.393636][ T8381] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 15:41:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:52 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:52 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:53 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:53 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) [ 88.144800][ T26] audit: type=1804 audit(1573141313.043:36): pid=8405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir852569073/syzkaller.2erw3p/5/file0" dev="sda1" ino=16553 res=1 15:41:53 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:53 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:53 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:53 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:53 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x2, &(0x7f0000000080), 0x8) r4 = dup2(r1, r3) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) dup3(r4, r2, 0x0) 15:41:53 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:53 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:53 executing program 5: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:53 executing program 3: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:54 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x3, {0x7, 0x8}}, 0x50) 15:41:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 4: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:54 executing program 0: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 0: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 0: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 89.492781][ T26] audit: type=1804 audit(1573141314.393:37): pid=8489 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir623613486/syzkaller.m5Mq5y/7/file0" dev="sda1" ino=16559 res=1 [ 89.562366][ T26] audit: type=1804 audit(1573141314.443:38): pid=8492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir871487894/syzkaller.ojMEHI/7/file0" dev="sda1" ino=16553 res=1 15:41:54 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:54 executing program 5: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:54 executing program 3: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:54 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:54 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 89.933263][ T8537] EXT4-fs error (device loop0): ext4_fill_super:4489: inode #2: comm syz-executor.0: iget: root inode unallocated [ 89.986529][ T8537] EXT4-fs (loop0): get root inode failed [ 89.999442][ T26] audit: type=1804 audit(1573141314.893:39): pid=8505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir274588089/syzkaller.J1xA7W/10/file0" dev="sda1" ino=16573 res=1 [ 90.054803][ T8537] EXT4-fs (loop0): mount failed 15:41:55 executing program 4: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:55 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:55 executing program 1: set_mempolicy(0x0, &(0x7f0000000040)=0x20000000000000, 0x100000007fff) syz_open_dev$sndtimer(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x200000, 0x0, 0x0, 0xb2) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 15:41:55 executing program 3: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:55 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 90.463995][ T8572] EXT4-fs error (device loop1): ext4_fill_super:4489: inode #2: comm syz-executor.1: iget: root inode unallocated [ 90.488669][ T8572] EXT4-fs (loop1): get root inode failed [ 90.499467][ T8572] EXT4-fs (loop1): mount failed [ 90.509004][ T8575] EXT4-fs error (device loop0): ext4_fill_super:4489: inode #2: comm syz-executor.0: iget: root inode unallocated [ 90.538741][ T8575] EXT4-fs (loop0): get root inode failed 15:41:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 90.562809][ T8575] EXT4-fs (loop0): mount failed [ 90.592685][ T26] audit: type=1804 audit(1573141315.493:40): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir871487894/syzkaller.ojMEHI/8/file0" dev="sda1" ino=16561 res=1 15:41:55 executing program 5: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:55 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 90.819749][ T8586] EXT4-fs error (device loop1): ext4_fill_super:4489: inode #2: comm syz-executor.1: iget: root inode unallocated [ 90.858492][ T8586] EXT4-fs (loop1): get root inode failed [ 90.872576][ T8586] EXT4-fs (loop1): mount failed 15:41:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 90.917938][ T8596] EXT4-fs error (device loop0): ext4_fill_super:4489: inode #2: comm syz-executor.0: iget: root inode unallocated [ 90.938786][ T8596] EXT4-fs (loop0): get root inode failed [ 90.944826][ T8596] EXT4-fs (loop0): mount failed [ 91.010026][ T26] audit: type=1804 audit(1573141315.903:41): pid=8565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir623613486/syzkaller.m5Mq5y/9/file0" dev="sda1" ino=16573 res=1 15:41:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:56 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 15:41:56 executing program 4: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$getflags(r0, 0x401) 15:41:56 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 91.274512][ T8602] EXT4-fs error (device loop1): ext4_fill_super:4489: inode #2: comm syz-executor.1: iget: root inode unallocated [ 91.329029][ T8602] EXT4-fs (loop1): get root inode failed [ 91.433709][ T8602] EXT4-fs (loop1): mount failed 15:41:56 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) [ 91.454905][ T8608] EXT4-fs error (device loop2): ext4_fill_super:4489: inode #2: comm syz-executor.2: iget: root inode unallocated [ 91.482626][ T8608] EXT4-fs (loop2): get root inode failed [ 91.488577][ T8608] EXT4-fs (loop2): mount failed [ 91.536627][ T8615] EXT4-fs error (device loop0): ext4_fill_super:4489: inode #2: comm syz-executor.0: iget: root inode unallocated [ 91.582623][ T8615] EXT4-fs (loop0): get root inode failed [ 91.609218][ T8615] EXT4-fs (loop0): mount failed 15:41:56 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 15:41:56 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 15:41:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:56 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:56 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 15:41:56 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) [ 92.125754][ T8645] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 15:41:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 92.198021][ T26] audit: type=1804 audit(1573141317.093:42): pid=8622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir274588089/syzkaller.J1xA7W/12/file0" dev="sda1" ino=16590 res=1 [ 92.226944][ T8645] EXT4-fs error (device loop1): ext4_ext_check_inode:498: inode #2: comm syz-executor.1: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 92.266635][ T8644] EXT4-fs error (device loop2): ext4_fill_super:4489: inode #2: comm syz-executor.2: iget: root inode unallocated [ 92.300619][ T8645] EXT4-fs (loop1): get root inode failed 15:41:57 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:57 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) [ 92.320270][ T8644] EXT4-fs (loop2): get root inode failed [ 92.326054][ T8644] EXT4-fs (loop2): mount failed [ 92.355530][ T8645] EXT4-fs (loop1): mount failed 15:41:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:57 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000140)='./file0\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:57 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:57 executing program 5: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:57 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 92.996261][ T8685] EXT4-fs error (device loop2): ext4_fill_super:4489: inode #2: comm syz-executor.2: iget: root inode unallocated [ 93.017119][ T8685] EXT4-fs (loop2): get root inode failed [ 93.035594][ T8685] EXT4-fs (loop2): mount failed 15:41:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 93.172887][ T8701] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 93.189977][ T8700] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock 15:41:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 93.262910][ T8701] EXT4-fs error (device loop1): ext4_ext_check_inode:498: inode #2: comm syz-executor.1: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 93.294349][ T8700] EXT4-fs error (device loop5): ext4_ext_check_inode:498: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 93.341007][ T8700] EXT4-fs (loop5): get root inode failed [ 93.381370][ T8700] EXT4-fs (loop5): mount failed [ 93.399169][ T8701] EXT4-fs (loop1): get root inode failed 15:41:58 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 93.436665][ T8701] EXT4-fs (loop1): mount failed 15:41:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) 15:41:58 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) 15:41:58 executing program 5: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 93.880008][ T8731] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 93.936515][ T8731] EXT4-fs error (device loop0): ext4_ext_check_inode:498: inode #2: comm syz-executor.0: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) 15:41:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 94.076758][ T8731] EXT4-fs (loop0): get root inode failed [ 94.107488][ T8731] EXT4-fs (loop0): mount failed 15:41:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 94.315122][ T8758] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 94.335433][ T8756] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 94.419072][ T8756] EXT4-fs error (device loop1): ext4_ext_check_inode:498: inode #2: comm syz-executor.1: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 94.447888][ T8758] EXT4-fs error (device loop5): ext4_ext_check_inode:498: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 94.513781][ T8756] EXT4-fs (loop1): get root inode failed [ 94.548643][ T8756] EXT4-fs (loop1): mount failed 15:41:59 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) mmap(&(0x7f000014e000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/49, 0x20c000, 0x800}, 0x18) [ 94.564913][ T8758] EXT4-fs (loop5): get root inode failed [ 94.594246][ T8758] EXT4-fs (loop5): mount failed 15:41:59 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 15:41:59 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:41:59 executing program 3: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) [ 94.949562][ T8786] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock 15:41:59 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 15:41:59 executing program 5: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 95.032270][ T8786] EXT4-fs error (device loop0): ext4_ext_check_inode:498: inode #2: comm syz-executor.0: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) 15:41:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) [ 95.079168][ T8786] EXT4-fs (loop0): get root inode failed [ 95.085540][ T8786] EXT4-fs (loop0): mount failed [ 95.323140][ T8799] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 95.387559][ T8799] EXT4-fs error (device loop1): ext4_ext_check_inode:498: inode #2: comm syz-executor.1: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 95.484842][ T8815] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 95.490025][ T8799] EXT4-fs (loop1): get root inode failed 15:42:00 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="a400000000000000000000000000000000000000c2a43994c7184f60c9e3329e1ef9b5b8e26a128aadc06fa27c8dbfac6a8e1449699eeac46ed9037cb837768d7041bca0beaae115094aa8d2f31b5c296f725f0bcb7f8c73842a699d7ab01bdf595ac80cc5b62505f9029190cd2fddc8e32ee8498a3e5104998d2007c84f715a336b743784435444d18bc9fc2857e683f58f8e8ce6e5d7e21e3088a59604b8d3ba171846"], 0xa4}}, 0x0) pipe(&(0x7f00000004c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 15:42:00 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) [ 95.519724][ T8815] EXT4-fs error (device loop5): ext4_ext_check_inode:498: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 95.551913][ T8799] EXT4-fs (loop1): mount failed [ 95.560305][ T8815] EXT4-fs (loop5): get root inode failed [ 95.583376][ T8815] EXT4-fs (loop5): mount failed [ 95.844632][ T8839] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 95.880545][ T8839] EXT4-fs error (device loop0): ext4_ext_check_inode:498: inode #2: comm syz-executor.0: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) 15:42:00 executing program 3: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) 15:42:00 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 15:42:00 executing program 5: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) [ 95.931864][ T8839] EXT4-fs (loop0): get root inode failed [ 95.937762][ T8839] EXT4-fs (loop0): mount failed 15:42:00 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) 15:42:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) 15:42:01 executing program 5: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) 15:42:01 executing program 3: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) 15:42:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 15:42:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r2, 0x0, 0xffffff71, 0x2000000100100006) socket$inet_udplite(0x2, 0x2, 0x88) r3 = geteuid() keyctl$chown(0x4, 0x0, r3, 0x0) r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000480)={{0x6134e6ad, 0x0, r4, 0x0, 0x0, 0x0, 0x80000001}, 0xff, 0x80000000}) keyctl$chown(0x4, 0x0, 0x0, 0x0) getegid() geteuid() getegid() getgid() r5 = geteuid() keyctl$chown(0x4, 0x0, r5, 0x0) getresgid(&(0x7f0000000140), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000039ff8)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(0xffffffffffffffff, r6) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x40000, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, 0x0, 0x0) lstat(0x0, &(0x7f00000009c0)) 15:42:01 executing program 3: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) 15:42:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x1000000000000a, &(0x7f000098cffc)=0x4, 0x4) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 15:42:01 executing program 5: syz_open_dev$dmmidi(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x95}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@empty, 0x0, 0x33}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xdc}, [@replay_esn_val={0x20, 0x17, {0x1, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0]}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x158}}, 0x0) gettid() mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, 0xffffffffffffffff, 0x0) 15:42:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r2, 0x0, 0xffffff71, 0x2000000100100006) socket$inet_udplite(0x2, 0x2, 0x88) r3 = geteuid() keyctl$chown(0x4, 0x0, r3, 0x0) r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000480)={{0x6134e6ad, 0x0, r4, 0x0, 0x0, 0x0, 0x80000001}, 0xff, 0x80000000}) keyctl$chown(0x4, 0x0, 0x0, 0x0) getegid() geteuid() getegid() getgid() r5 = geteuid() keyctl$chown(0x4, 0x0, r5, 0x0) getresgid(&(0x7f0000000140), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000039ff8)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(0xffffffffffffffff, r6) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x40000, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, 0x0, 0x0) lstat(0x0, &(0x7f00000009c0)) 15:42:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r2, 0x0, 0xffffff71, 0x2000000100100006) socket$inet_udplite(0x2, 0x2, 0x88) r3 = geteuid() keyctl$chown(0x4, 0x0, r3, 0x0) r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000480)={{0x6134e6ad, 0x0, r4, 0x0, 0x0, 0x0, 0x80000001}, 0xff, 0x80000000}) keyctl$chown(0x4, 0x0, 0x0, 0x0) getegid() geteuid() getegid() getgid() r5 = geteuid() keyctl$chown(0x4, 0x0, r5, 0x0) getresgid(&(0x7f0000000140), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000039ff8)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(0xffffffffffffffff, r6) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x40000, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, 0x0, 0x0) lstat(0x0, &(0x7f00000009c0)) 15:42:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r2, 0x0, 0xffffff71, 0x2000000100100006) socket$inet_udplite(0x2, 0x2, 0x88) r3 = geteuid() keyctl$chown(0x4, 0x0, r3, 0x0) r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000480)={{0x6134e6ad, 0x0, r4, 0x0, 0x0, 0x0, 0x80000001}, 0xff, 0x80000000}) keyctl$chown(0x4, 0x0, 0x0, 0x0) getegid() geteuid() getegid() getgid() r5 = geteuid() keyctl$chown(0x4, 0x0, r5, 0x0) getresgid(&(0x7f0000000140), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000039ff8)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(0xffffffffffffffff, r6) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x40000, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, 0x0, 0x0) lstat(0x0, &(0x7f00000009c0)) 15:42:01 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) [ 97.308679][ T8904] ================================================================== [ 97.316850][ T8904] BUG: KCSAN: data-race in __skb_try_recv_from_queue / unix_dgram_sendmsg [ 97.325347][ T8904] [ 97.327772][ T8904] write to 0xffff8881036b8ce0 of 4 bytes by task 8905 on cpu 0: [ 97.335422][ T8904] __skb_try_recv_from_queue+0x387/0x460 [ 97.341598][ T8904] __skb_try_recv_datagram+0xfa/0x2c0 [ 97.346991][ T8904] unix_dgram_recvmsg+0xfd/0xba0 [ 97.351950][ T8904] sock_recvmsg_nosec+0x5c/0x70 [ 97.356814][ T8904] ___sys_recvmsg+0x1a0/0x3e0 [ 97.361496][ T8904] do_recvmmsg+0x19a/0x5c0 [ 97.365921][ T8904] __sys_recvmmsg+0x1ef/0x200 [ 97.370790][ T8904] __x64_sys_recvmmsg+0x89/0xb0 [ 97.375663][ T8904] do_syscall_64+0xcc/0x370 [ 97.380299][ T8904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 97.386238][ T8904] [ 97.388589][ T8904] read to 0xffff8881036b8ce0 of 4 bytes by task 8904 on cpu 1: [ 97.396504][ T8904] unix_dgram_sendmsg+0x9ef/0xc80 [ 97.401543][ T8904] sock_sendmsg+0x9f/0xc0 [ 97.405878][ T8904] ___sys_sendmsg+0x2b7/0x5d0 [ 97.410670][ T8904] __sys_sendmmsg+0x123/0x350 [ 97.415381][ T8904] __x64_sys_sendmmsg+0x64/0x80 [ 97.420253][ T8904] do_syscall_64+0xcc/0x370 [ 97.424776][ T8904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 97.430670][ T8904] [ 97.433007][ T8904] Reported by Kernel Concurrency Sanitizer on: [ 97.439200][ T8904] CPU: 1 PID: 8904 Comm: syz-executor.1 Not tainted 5.4.0-rc6+ #0 [ 97.447131][ T8904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.457193][ T8904] ================================================================== [ 97.465475][ T8904] Kernel panic - not syncing: panic_on_warn set ... [ 97.472325][ T8904] CPU: 1 PID: 8904 Comm: syz-executor.1 Not tainted 5.4.0-rc6+ #0 [ 97.480128][ T8904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.490334][ T8904] Call Trace: [ 97.493619][ T8904] dump_stack+0xf5/0x159 [ 97.497848][ T8904] panic+0x210/0x640 [ 97.501834][ T8904] ? vprintk_func+0x8d/0x140 [ 97.506429][ T8904] kcsan_report.cold+0xc/0xe [ 97.511023][ T8904] kcsan_setup_watchpoint+0x3fe/0x410 [ 97.516604][ T8904] __tsan_read4+0x145/0x1f0 [ 97.521140][ T8904] unix_dgram_sendmsg+0x9ef/0xc80 [ 97.526295][ T8904] ? unix_stream_recvmsg+0xe0/0xe0 [ 97.531520][ T8904] sock_sendmsg+0x9f/0xc0 [ 97.535857][ T8904] ___sys_sendmsg+0x2b7/0x5d0 [ 97.540533][ T8904] ? __rcu_read_unlock+0x66/0x3c0 [ 97.545570][ T8904] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 97.551467][ T8904] ? __fget+0xb8/0x1d0 [ 97.555530][ T8904] ? __fget_light+0xaf/0x190 [ 97.560129][ T8904] __sys_sendmmsg+0x123/0x350 [ 97.564801][ T8904] ? __read_once_size+0x5a/0xe0 [ 97.569655][ T8904] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.575371][ T8904] ? _copy_to_user+0x84/0xb0 [ 97.579954][ T8904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.586181][ T8904] ? put_timespec64+0x94/0xc0 [ 97.590847][ T8904] __x64_sys_sendmmsg+0x64/0x80 [ 97.595686][ T8904] do_syscall_64+0xcc/0x370 [ 97.600194][ T8904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 97.606094][ T8904] RIP: 0033:0x45a219 [ 97.609992][ T8904] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.629608][ T8904] RSP: 002b:00007f5f95d7cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 97.638146][ T8904] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219 [ 97.646108][ T8904] RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000005 [ 97.654065][ T8904] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 97.662024][ T8904] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f95d7d6d4 [ 97.670070][ T8904] R13: 00000000004c8003 R14: 00000000004de470 R15: 00000000ffffffff [ 97.679911][ T8904] Kernel Offset: disabled [ 97.684345][ T8904] Rebooting in 86400 seconds..