Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. [ 47.527523] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/19 11:29:46 fuzzer started [ 47.724431] audit: type=1400 audit(1555673386.512:36): avc: denied { map } for pid=7114 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 49.559917] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/19 11:29:49 dialing manager at 10.128.0.105:36703 2019/04/19 11:29:49 syscalls: 2434 2019/04/19 11:29:49 code coverage: enabled 2019/04/19 11:29:49 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/19 11:29:49 extra coverage: extra coverage is not supported by the kernel 2019/04/19 11:29:49 setuid sandbox: enabled 2019/04/19 11:29:49 namespace sandbox: enabled 2019/04/19 11:29:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/19 11:29:49 fault injection: enabled 2019/04/19 11:29:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/19 11:29:49 net packet injection: enabled 2019/04/19 11:29:49 net device setup: enabled [ 51.563966] random: crng init done 11:31:49 executing program 5: 11:31:50 executing program 0: 11:31:50 executing program 3: 11:31:50 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x103, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x9, @win={{0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0}}) 11:31:50 executing program 2: syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @local={0xac, 0x28}, @dev}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 11:31:50 executing program 4: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x10020006004, 0x1) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='udf\x00', 0x0, 0x0) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 171.184926] audit: type=1400 audit(1555673509.972:37): avc: denied { map } for pid=7114 comm="syz-fuzzer" path="/root/syzkaller-shm948450111" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 171.233272] audit: type=1400 audit(1555673510.002:38): avc: denied { map } for pid=7131 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13810 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 171.920243] IPVS: ftp: loaded support on port[0] = 21 [ 172.235917] chnl_net:caif_netlink_parms(): no params data found [ 172.245417] IPVS: ftp: loaded support on port[0] = 21 [ 172.303490] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.309951] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.317616] device bridge_slave_0 entered promiscuous mode [ 172.327086] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.333607] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.340734] device bridge_slave_1 entered promiscuous mode [ 172.364176] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.373648] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.391230] IPVS: ftp: loaded support on port[0] = 21 [ 172.412315] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.419477] team0: Port device team_slave_0 added [ 172.437419] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.445121] team0: Port device team_slave_1 added [ 172.473557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.481006] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 172.528190] chnl_net:caif_netlink_parms(): no params data found [ 172.572134] device hsr_slave_0 entered promiscuous mode [ 172.650381] device hsr_slave_1 entered promiscuous mode [ 172.714640] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 172.726902] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 172.791233] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.797703] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.804612] device bridge_slave_0 entered promiscuous mode [ 172.810891] IPVS: ftp: loaded support on port[0] = 21 [ 172.818285] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.826045] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.833343] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.839779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.858737] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.866650] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.874167] device bridge_slave_1 entered promiscuous mode [ 172.901274] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.913801] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.938373] chnl_net:caif_netlink_parms(): no params data found [ 172.972938] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.980818] team0: Port device team_slave_0 added [ 172.988879] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.996794] team0: Port device team_slave_1 added [ 173.010968] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 173.031024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 173.065689] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.072184] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.079386] device bridge_slave_0 entered promiscuous mode [ 173.111185] IPVS: ftp: loaded support on port[0] = 21 [ 173.122537] device hsr_slave_0 entered promiscuous mode [ 173.170531] device hsr_slave_1 entered promiscuous mode [ 173.211597] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.217991] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.225510] device bridge_slave_1 entered promiscuous mode [ 173.249521] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 173.266462] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.274673] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 173.308728] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.316308] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.325811] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.344225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.383377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 173.395303] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 173.402992] team0: Port device team_slave_0 added [ 173.435177] chnl_net:caif_netlink_parms(): no params data found [ 173.446048] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.453340] team0: Port device team_slave_1 added [ 173.459227] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 173.467185] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 173.488640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 173.502536] IPVS: ftp: loaded support on port[0] = 21 [ 173.513477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.521269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.545772] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.652401] device hsr_slave_0 entered promiscuous mode [ 173.690371] device hsr_slave_1 entered promiscuous mode [ 173.733623] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 173.751015] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 173.757237] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.788252] chnl_net:caif_netlink_parms(): no params data found [ 173.805085] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 173.821407] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.827902] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.835686] device bridge_slave_0 entered promiscuous mode [ 173.846032] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.854087] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.861467] device bridge_slave_1 entered promiscuous mode [ 173.874891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.901645] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.909465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.917423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.925132] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.931525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.943201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.959333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 173.971957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.979726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.987430] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.993778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.001053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.010187] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.027585] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.049465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.083193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.093738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 174.100988] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.107349] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.114653] device bridge_slave_0 entered promiscuous mode [ 174.125547] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.132002] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.139276] device bridge_slave_1 entered promiscuous mode [ 174.145869] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.153309] team0: Port device team_slave_0 added [ 174.159711] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 174.167157] team0: Port device team_slave_1 added [ 174.172803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.181690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.189218] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.199915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 174.222054] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.232633] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.240793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.248423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.261386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 174.270704] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.278618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.289796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 174.303546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.311640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.319152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.326921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.352263] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 174.358304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.376059] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.385801] team0: Port device team_slave_0 added [ 174.433328] device hsr_slave_0 entered promiscuous mode [ 174.470345] device hsr_slave_1 entered promiscuous mode [ 174.510960] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 174.518860] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 174.529168] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 174.536559] team0: Port device team_slave_1 added [ 174.542251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.591214] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 174.600257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.612114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.645193] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.661917] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 174.668137] chnl_net:caif_netlink_parms(): no params data found [ 174.732358] device hsr_slave_0 entered promiscuous mode [ 174.780423] device hsr_slave_1 entered promiscuous mode [ 174.821192] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 174.829559] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 174.845355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.854614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.871316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.878314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.886874] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 174.918634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 174.939091] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.947726] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 174.954051] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.962523] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.968892] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.976306] device bridge_slave_0 entered promiscuous mode [ 174.984699] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 175.002822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.010462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.017737] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.024668] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.032560] device bridge_slave_1 entered promiscuous mode [ 175.052137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.063633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.084227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.093460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.101596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.109865] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.116284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.124117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.132478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.140496] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.146873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.155808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.165706] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 175.172503] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.181874] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.192616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.199675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.208447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 11:31:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x5000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_mount_image$vfat(&(0x7f00000001c0)='vfat\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={[], [{@uid_eq={'uid'}}]}) [ 175.216487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.224409] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.230794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.248180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.269858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 175.306663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.316979] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 175.324667] FAT-fs (loop5): bogus number of reserved sectors [ 175.327061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.343520] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.351648] team0: Port device team_slave_0 added [ 175.354263] FAT-fs (loop5): Can't find a valid FAT filesystem [ 175.358224] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.370304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.377984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.385931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.393617] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.400103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.409241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.426281] FAT-fs (loop5): bogus number of reserved sectors [ 175.429876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 175.432920] FAT-fs (loop5): Can't find a valid FAT filesystem [ 175.439887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.454083] team0: Port device team_slave_1 added [ 175.460419] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 175.466584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.474620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.483326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.491542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.498483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.506191] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.515438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 11:31:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000000)={0x2b, 0x3, 0x0, {0x0, 0xa, 0x0, '/dev/cuse\x00'}}, 0x2b) [ 175.527845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.547466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.563444] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.573790] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 175.581703] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.589422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.598935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.607923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:31:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000000)={0x2b, 0x3, 0x0, {0x0, 0xa, 0x0, '/dev/cuse\x00'}}, 0x2b) [ 175.622241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 175.633437] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.645000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.656429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.666692] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:31:54 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x1, 0x9, 0x6d, 0x2, 0x0, 0x0}, 0x27) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$MAP_CREATE(0x2, &(0x7f0000000100)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) [ 175.678017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.692498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.705765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.713880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.721765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.729453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.737488] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.743865] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.753026] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 175.760861] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.767980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.775193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.782863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.805663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.816809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.825615] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 175.832051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.839053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.850290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.857847] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.864261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.871669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.879315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.932256] device hsr_slave_0 entered promiscuous mode [ 175.970425] device hsr_slave_1 entered promiscuous mode 11:31:54 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d00007d5500010c00020000002201f6f00061"], 0x2c}}, 0x0) exit_group(0x0) [ 176.021394] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 176.027899] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 176.038282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 176.052693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 176.068443] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 176.077933] audit: type=1400 audit(1555673514.862:39): avc: denied { create } for pid=7191 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 176.108761] audit: type=1400 audit(1555673514.872:40): avc: denied { write } for pid=7191 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 176.137491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.144489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.151944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.159539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 11:31:54 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d00007d5500010c00020000002201f6f00061"], 0x2c}}, 0x0) exit_group(0x0) [ 176.167151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.174767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.182937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.199383] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 176.210245] 8021q: adding VLAN 0 to HW filter on device team0 11:31:55 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x0}], 0x1, 0x0) [ 176.216680] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 176.227460] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 176.237376] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 176.245093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.266124] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 176.276986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.293611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.309725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.318848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.334333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.342530] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.348881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.358334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.376648] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.399692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.412906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.421063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.428499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.436791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.444658] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.451042] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.458520] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.469235] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 176.482141] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 176.491076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.506599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.515068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.523276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.533834] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 176.543881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 176.552522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 176.561458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.569555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.577380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.593006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.602898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 176.612636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.621206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.629113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.637392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.646960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.665528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 176.676576] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 176.685890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.686636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.702969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.714027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.726729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.742340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.751061] print_req_error: I/O error, dev loop9, sector 64 [ 176.759567] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.760505] print_req_error: I/O error, dev loop9, sector 256 [ 176.772008] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 176.776231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 176.781563] print_req_error: I/O error, dev loop9, sector 512 [ 176.781608] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 176.781621] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 176.781627] UDF-fs: Scanning with blocksize 512 failed [ 176.782342] print_req_error: I/O error, dev loop9, sector 64 [ 176.782542] print_req_error: I/O error, dev loop9, sector 512 [ 176.782576] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 176.782715] print_req_error: I/O error, dev loop9, sector 1024 [ 176.782748] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 176.782756] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 176.782762] UDF-fs: Scanning with blocksize 1024 failed [ 176.783100] print_req_error: I/O error, dev loop9, sector 64 [ 176.783265] print_req_error: I/O error, dev loop9, sector 1024 [ 176.783298] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 176.783424] print_req_error: I/O error, dev loop9, sector 2048 [ 176.816279] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 176.818023] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 176.840640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.880842] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 176.922296] UDF-fs: Scanning with blocksize 2048 failed [ 176.928025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.930712] print_req_error: I/O error, dev loop9, sector 64 [ 176.936205] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.941214] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 176.955216] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 176.963967] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 176.968180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.973047] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 176.986663] UDF-fs: Scanning with blocksize 4096 failed [ 176.990684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.996419] UDF-fs: warning (device loop9): udf_fill_super: No partition found (1) [ 177.013370] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 177.015415] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 177.039023] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.046487] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 177.060943] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 177.068348] UDF-fs: Scanning with blocksize 512 failed [ 177.068971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.081936] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 177.083994] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 177.095232] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 177.098437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.117261] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 177.120705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.135087] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 177.139738] UDF-fs: Scanning with blocksize 1024 failed [ 177.142128] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.157902] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 177.165654] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.173853] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 177.173863] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 177.173868] UDF-fs: Scanning with blocksize 2048 failed [ 177.174268] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 177.189971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.198965] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=512, location=512 [ 177.218207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.230809] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 177.237831] UDF-fs: Scanning with blocksize 4096 failed [ 177.241141] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.243334] UDF-fs: warning (device loop9): udf_fill_super: No partition found (1) [ 177.249548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.267858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.296729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.319671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.328268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.336125] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.342553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.352574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 177.361329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.372555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.379737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.390525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 177.400817] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 177.408705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.417716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.425637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.433522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.441939] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 11:31:56 executing program 0: memfd_create(&(0x7f00000001c0)='v\x93\x8b\xc3\x00s\x82lV\xf6\x91\fEQ\xae\xbc\xe1\xc1\xa9\x8c\xe4\xf6G\xc6\x7f\xe1X4\xd5\x9c\'\x02\x17\xb0\xb4A?\xc9ZO57\xb7*\xa9\x97!\xec\x034\\\xc7v2\t\x02\xad\xf0GZ\xb8\x94S\x99/\x9cK\xe5\xde\xfa\xb4\xcd\xe6\xe0Q]\x19\x15\b\x95\x9a\x7f?\x03\x9f\xc1\xa8\xcf\x81\x8fb4-6\x01\xaaJ\xae\x88[ve\xf1\xfdp\xfcd[\x85\x8f8!u\xc4\xd3\x91\xbb\x14(\xaby\xf5jG<\xa6\xf0\x00\xfeK\x17\xfb \xbb\xf1\xb8\xaa\xf0mB\xb8\xe5|>bJ\xe7U\xc6\x81\x87\x9d\x10\xd6\xdbW\x94a\xdb\xde\x03\xdb\xb8\x1e\xc6U\xf7\x06\xad\x89X%}~\x7f\xb9\xdf\xa5\xd07tr\xc9\x86\xa4Ka\x9e\xbc\xcbh\xcd\xd0\xb7nD\x1d\aNZk\xc1o`\x1bv\x04|\x81K\x188\b\x15\xfav}\xadMc\xd2\xbc\xa4R\x00'/240, 0x3) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000100)={{0x0, 0x2710}, {0x77359400}}, 0x100) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 177.451219] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 177.468066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 177.484312] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 177.499322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.499326] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 177.525636] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 177.543772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.556098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.564562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.572418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.580400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.595476] *** Guest State *** [ 177.599002] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7 [ 177.609491] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 177.618693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.628703] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871 [ 177.638299] CR3 = 0x0000000000000000 [ 177.642414] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 177.663860] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 [ 177.670671] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 177.676865] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 177.690035] hrtimer: interrupt took 32389 ns [ 177.705306] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 177.712506] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.722898] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.732033] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.740633] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.748713] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.758688] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.771056] GDTR: limit=0x00000000, base=0x0000000000000000 [ 177.779488] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.790190] IDTR: limit=0x00000000, base=0x0000000000000000 [ 177.798547] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 177.807711] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 177.814891] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 177.822772] Interruptibility = 00000000 ActivityState = 00000000 [ 177.829054] *** Host State *** [ 177.835022] RIP = 0xffffffff8117479a RSP = 0xffff888062a3f998 [ 177.843387] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 177.849849] FSBase=00007fdbae2b7700 GSBase=ffff8880aee00000 TRBase=fffffe0000034000 [ 177.858184] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 177.864369] CR0=0000000080050033 CR3=0000000096fc1000 CR4=00000000001426f0 [ 177.872153] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff86201910 [ 177.878960] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 177.886266] *** Control State *** [ 177.889798] PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000c2 [ 177.897436] EntryControls=0000d1ff ExitControls=002fefff [ 177.903412] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 177.912490] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 177.919237] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 177.927474] reason=80000021 qualification=0000000000000000 [ 177.935348] IDTVectoring: info=00000000 errcode=00000000 [ 177.941598] TSC Offset = 0xffffff9db6436fb8 [ 177.958474] EPT pointer = 0x000000008ed5801e [ 178.009913] *** Guest State *** [ 178.015847] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7 [ 178.025068] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871 [ 178.036075] CR3 = 0x0000000000000000 [ 178.040317] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 178.046937] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 [ 178.054448] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 178.060836] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 178.066812] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 178.073732] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.083972] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.092021] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.099987] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.108046] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.116971] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.125673] GDTR: limit=0x00000000, base=0x0000000000000000 [ 178.133968] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.142418] IDTR: limit=0x00000000, base=0x0000000000000000 [ 178.150927] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.158926] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 178.167046] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 178.174610] Interruptibility = 00000000 ActivityState = 00000000 [ 178.181639] *** Host State *** [ 178.184861] RIP = 0xffffffff8117479a RSP = 0xffff888062597998 [ 178.190977] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 178.197390] FSBase=00007fdbae296700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 178.205688] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 178.211720] CR0=0000000080050033 CR3=0000000096fc1000 CR4=00000000001426f0 [ 178.218746] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff86201910 [ 178.225488] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 178.231613] *** Control State *** [ 178.235070] PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000c2 [ 178.242707] EntryControls=0000d1ff ExitControls=002fefff [ 178.248178] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 178.255475] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 178.262217] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 178.268808] reason=80000021 qualification=0000000000000000 [ 178.275564] IDTVectoring: info=00000000 errcode=00000000 [ 178.281094] TSC Offset = 0xffffff9d7821b99e [ 178.285415] EPT pointer = 0x0000000073b5c01e 11:31:57 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x6) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x6) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0xffffffffffffff1b, 0x12, 0x100000000004000, {0x8, 0x0, 0x8000000, 0x0, 0x803e0000}}, 0xfffffefd) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000000c0)) epoll_create1(0x7ffff) bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1}, 0x3c) 11:31:57 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) r1 = dup(r0) write$uinput_user_dev(r1, &(0x7f0000000d00)={'syz0\x00', {}, 0x50}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000380)='/dev/input/event#\x00', 0x3, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket(0x0, 0x0, 0x0) getgid() close(r2) 11:31:57 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") accept4(0xffffffffffffffff, &(0x7f00000027c0)=@alg, &(0x7f0000002840)=0x80, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000300)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='9', 0x1}], 0x1, 0x881806) lremovexattr(0x0, 0x0) read(r1, &(0x7f0000000000)=""/30, 0xfffffe4c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) 11:31:57 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 11:31:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 11:31:57 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x7) clone(0x1bfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setpriority(0x2, 0x0, 0x0) 11:31:57 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 178.941473] input: syz0 as /devices/virtual/input/input5 11:31:57 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0b"]) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:31:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="d5af449a0f3ba60232"], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f000004d000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000003c000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000040000/0x2000)=nil, &(0x7f000004b000/0x4000)=nil, &(0x7f000003c000/0x2000)=nil, &(0x7f000004e000/0x3000)=nil, &(0x7f0000000300)="53f991d2622923bb61ac69bd069fccedb1d187178e497f01b8928afda59812aad36de1bc081b1f97a9156cea436bc64f56cbdd74901350a99e5e168e373dd2a901dd40f6d0fd8129afc8f12d784baf19aab917b8aa95cbb58eb153fbb53041955afa80d327c9ff4fe758a919a090fa8c3893337d4a9eddfe47f9bd380934914a2a00e7d888498e77037f6c8c35ea0851935f116f7b5486418a86a5268a0b6c26f480a97fcf784094c5037f6cb4c595522e96a3fd3d141516257b0118907543092b481d9c180d455f318698ad6d7744dc710d28b9503f48e8f63278d5468979f4bea52d963e7a8cc1cb7e83e2f5a87c19c121da241cec6b9c7fc3b8438f9fe27df3bbac342e7fde9362b2c28398dae1322b1069b2ae7c3f8177b7dea322460d55f0479e75c11cdaca2f3f10e29461939709c0407386a76730d0a0f6514973b50c93b490ddc96e83af91c411c49c3faa8ec64747ef1ca9572e5f523ef1f79675f1f2ed574411e83b25dd0dcc75cac5e154aca485521b4d325c97daf453c54e1e6a6fb1d158a9b05e4376366d04b2e6b0642dbc1b7ceeeb97a17c7f11a5bdad7eec8ecabfe03ebb6eb86e72a938bc98fe9afaa94de477d4584ab208f6747a39eac450e6bcf76c4ad54214e35f1ea009a0dbc17126072fb6f260637f288ad5aa0af81603c4cebaa7a672803436101e37f5084d7c4afc87f7025580fb27883a3e498c32b940d1ddfd86c5c6cf425f02f974ea078b091e6716733dacf3e63bbc76877be761fe95d9a86d0628bfbd4ba5e90dbfdbeeeede77b5bfb838f22b3d91722f3afc8c6b09ea931866d6dbd8afed61bec03c1ece12ddd3e69162a8eff86e8ad8fd885819aa194064b9dbc9104491c38327c37a05e68d90e9f4b8680a720edd70b4c18d608d6d3ae4db7104c537bf8c9d74354c25616bf959fca28dc4a441848fb2416db3eb797015466a6eac89f06cc729a5a5836a750a71fc6ac16d5e69fe2e59947a7c74ae76233fa25b21960575c52357846307954a491c3bd21c68523154cbdba94aae51bd2ef6dfcf0b5d74defc9d5828723f2341e830f8255bc01b8a5de988f7fb1975c78cc8580067db4ed0917823d5b77ee6f313ac41c8e8d2d445029f332428212bac76a4c444a154b20152f989101a4fd421906338a19503d51eddcc6508852d5804778b36bbd520e60d8bf05bd6b087f6552f982a8f1f684fcfdeb17ce852fd91bc674944252c87d350bd030ef10ac82758c1db71ba6c328b9e19746f61f0c602675b1934c94a9fd4a2757a740201e635d56bb57b68550eaa74983028c62aefd0eea9eac1b35161e4ec1356fa895dd095d19f7598a85fa320665eb916fde99452b12f4e09363738244a52dbfd1acd98c2e0d3bb1a97afe7e423df35d428dc0db7f38ebf53a9d6cf4f03968187f7253899e85fab76f075c90bf3ca8a681808b0fb91f956a2a15e18591a245793d5db72eecd123ed04f74e2153994e25fdfcc23c8bb362890a0e689dc7420c411592c58d81e0cda23eccf77febcf969fc4dded5f77b9311986fb1b33bcb262b48af050d245b59f7865d44105f309abda99ca88e857d1af6686dee2161c3bae53d8507ba1304fa133d2a60e9fd5acba5650d87e371945ee99b2e05111b995df4635d40687cc220930c5f07db1103dc7106e00ceb7a4e3b4290541843706934d54ff6d907c3b6800b93b0abbfebbcea9bae14337610fa8b7b3ea8ecf067a48e21341ce476253ca5e8b714a8451695ff14685ea73ad2a7bb45bfdfce6e7382971581fa8a470610f0304c184d1853deb6d7ee3be29fa9af2ec919227a6636d21c702feb827eba6c8e64181000c8168874b9d20f4a89e9110db599f1e57958db5dec66c3e7626e12d871faac0839ba3040fc6d5b087d150715ecaa2f4a4355fa5a52916e8d0116dfab8b36f330cd3e99b5ae2243c87ad5b123b2f7ee3993e1f1a8be93601a8f8298295bbf5040c2666463ed0a65a732668aa8be57de7f12ea4f5354b57f5c5c0401f8978b3032db2ff965c2fde98a996cf34d564fe180ede99df33748b7680240aae665d1afbc68124f1ab0bea1f36ac42a00c431c0377f0fa9c0f98db9dd5aced1d5fc35aadb788f8019fd8224e3e7de8056d9b101b37ce88b0f73166a45dd0f3e5c37ad15ee79e30cb3c0dcabea5a36b0fbb1e49e7a32056735b0604b0b78714924c77179c69bcd948c336e1980d52feabb979a4f492412696372d39fa70c6abccd284c49d8ca9d3710311542d09e55fcd12c1ad07b573c50b1c8f39294a16575b28bdd1ff856372085c26a991f889310364d2c950b8ae862f14884fdb6b648e7f0f3016cd14fcd75d4079d5f84e34bb8c1b9fba6d91c378728744736bd7f517364ccab26557dcfe4b84fa2935553d7971390063de46da65624ad7103f6aff4c6ebd4b494f2e01d845b9dd4f046ed805ba04ed2bfd11e2ccd355836c55b076fbe3d3def91a934d9db4e2606159c4eef2dbb712b3abbf612ec757d5ac38c5faafe146238b8ddc57fc4fc16532255bf2b4b80ed8bc6585ee218e102b7b5b3ad11b7bc8e618f5d66eeef03e4c594c21c72fcc462705e6a2e405bb6c04f5390a512d5d272ac42955fb9117dccd07bda7ab325028c071bb74c4d344d912c9f8ad6af462c1d4468e9cf36f228a003d5323e50943ecbae58862f295390b5aeed18d9f421744e5e2c5d22125c1cc358cf87a0c8569c89e5e7e5292a2a623aca85c1f2f5232abb6504e0944d778396d04fb3d386665f0efbf66aab78293649bd2f956b3382234984370a22065c0547f13a7dcb601879e3c3ee28d3d1c642eefeef80c885a9b6609f138137838fba3fbddef8c291187d951b6ea494832c3003a66372a150e7c446a25d16ebf077af7266e55cf852f8556444b9a6c76273fc44cebb25956912b1519d482e6badfdc9a0a4aa2078d8117bed4f990f6d0fafe8919da2ee91ee48f9f90d4bd7f9af595839e5333a6e2668ae837460bf7deac98594361659e9b9105dafa2f6949b5900f52a3d16fac186aaf710bcbf9aee376ba389ec0f4ea387755baf4575f353c4b687ffce2ec248c3afb90e9ea751708b75cef06300dbf15d967ee9d2beb282603a5c787d9a2317eec750458ce15b1ce5ff3f772964f1194939f23d2ef44da1cbfeeca1e3ddb7287c69d04fde90c1f385f8a48944a8f1c6b3500c7b4f943df549a5cde04e83d2cb804763b207792fb8bfab0402767b5e4936f6e429bc71ec73783c7cd296fbb749396377cb8386cbbd41152521765d9451bf3dcc0af93699c44bbd11d03514a8a5f00a6084116e675a38e255006500b28f36154f6b7ef8cde8495dd6efa639f0ddbea9b92534c842e9e625d6b3fc7192e56d3acae73c51253f42e6dfd8b78bd584353afde976fa5577b33b03ace0f1c40b78423959a0192589dd3a4f681dae2bc0a04cd7cb0eafa333af7a77d7525ed4d41d9621665134060a8109419f6b3d7b8f175f2286048a0affb7aecc88180871d35e1be594ad76b0910f0ea0424c5ba342ad8705a095b42376f55bb39b8efbb6ac4af1b82f7c3cb2d34fa1bbfd58cc48ba1c50daf16235bd671fabe098651076c8eeaa02c9b6e70e7d2f4342d552294fe5b09505df1f261c659daf853a022b67eacc5cadfc028ea8d219465c175cf329f56a38208ff821096a8a8dac10c0b6dc2e4fa76b009792a6eaeaf32213de5dc244a7b4ab6ad9238c511579607c5219db41c483f05c834ab4326195983d98586ae5ddc39f0ea0e31988b23e2bae94dd213f96e68c9b32a46503747ddba75700699c1df43089f2af873439c6ccec0b0c3f19089945e417e5a8538d07b35c0a8dcdfa3ccc1a96c610b2f0d4079e78b5c52734a0750fc47c99266400acd80a9f12c9f87d562ca1544864e7fdb3978c519afe2ab708374a158908e72d7c5b81ca50437a5c030057d6cdac3e491e911ffd34bea5509b39adb015b71ea27b235e338928658f3eef8faa1204f47c6fba6b3a4343981ea2d333d46dc8e7638a506917b954e4549dac8c8cc4822ecabdd0a0bf4dbadc4676b3702435165210586efa9392815d75b25a7279c64b6596eff5988f3ca7f83a8cde67dcc696058d924bf777096214a43c4e74e24e07f64786b70e9a2caa2923aacd98453aa76546c40f61c23d821249f76a9d0999ff9ee6ca7d40a80990a0b26c5fae81c098d0920fb67326fbe9fec2c1bf7aad59cf8e7863bbafcd9d723b3507b456e8eb50f4d7b3df56048b495c6f9d5e85bfd110d99f0458b8fb631d413ab7afcdbb79d242224d1cb53b7c5b9e778fd445f9b9bcb761a454ade09e2561107e69518cddd82e488bbefd5c78c4d60572213e38bb146fcc6f043b66a45c868074d39d055ba413021cb207c7dd86f020244368e8f7e4be431725df64ce669ed50dcc28c83f98d2cf86ba296d0807d72d206816a5e19d36fef0f0d30a0a5b7008787b115988447ba9d8c448c2df21578e3f6bfe8ef92c34b413cc4e23dff42f70523951038b20213da39e1301c32214624439c5b94ea431f3f2d4cf179f6bd2bab4f8012faf83ea9108de5b9e6a4e38545dd639d20e11ad4af38b088c023dae81b31e42c5628c302410a05308388250fed4165539017402330362743325cae042fb39912a25d585567aabafb964003a356a40a27c42ae0b09ee3a27c17b966338bc74eb2ba20d49bf15005e3bad98622d2a142f623ecdad35e60373c383ad644b14379ed75e1f151ba579a34e309cdadcad1627e66942a2c79aa904a2c5083ef957", 0xd36}, 0x68) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000003b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 179.108327] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present [ 179.125420] audit: type=1400 audit(1555673517.912:41): avc: denied { associate } for pid=7292 comm="syz-executor.1" name="memory.events" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 11:31:58 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 179.248775] audit: type=1804 audit(1555673518.032:42): pid=7296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir892520368/syzkaller.NkSnZp/2/file0/memory.events" dev="sda1" ino=16555 res=1 11:31:58 executing program 2: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x4, 0x0, 0x0, 0x0, 0x146}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) [ 179.317755] input: syz0 as /devices/virtual/input/input6 [ 179.332763] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present 11:31:58 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) [ 179.457823] audit: type=1804 audit(1555673518.242:43): pid=7323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir892520368/syzkaller.NkSnZp/2/file0/memory.events" dev="sda1" ino=16555 res=1 [ 179.466753] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present 11:31:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0xa, &(0x7f0000000040)=""/8, &(0x7f0000706ffc)=0x8) 11:31:58 executing program 5: socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000000240)={&(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x80, 0x0}, 0x0) 11:31:58 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000080)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@parameter_prob={0x5, 0x2, 0x0, 0x0, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) 11:31:58 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 11:31:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = msgget$private(0x0, 0xffffffffffffffff) msgctl$IPC_RMID(r1, 0x0) msgctl$IPC_RMID(r1, 0x0) 11:31:58 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x40086310}], 0x0, 0x0, 0x0}) 11:31:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140), 0xc) write$binfmt_aout(r0, &(0x7f0000000180), 0x20) 11:31:58 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(cast6))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2) ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000e80)=""/4096, 0x1000}], 0x1, 0x0, 0x87}}], 0x400000000000062, 0x0, 0x0) 11:31:58 executing program 1: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) [ 179.731726] snd_dummy snd_dummy.0: control 112:0:0:Î:0 is already present [ 179.769766] binder: 7342:7344 BC_DEAD_BINDER_DONE 0000000000000000 not found 11:31:58 executing program 0: creat(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, 0x0) [ 179.823592] binder: 7342:7349 BC_DEAD_BINDER_DONE 0000000000000000 not found 11:32:01 executing program 4: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) 11:32:01 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x2710}) prctl$PR_GET_DUMPABLE(0x3) read(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000240)={0x0, 0x1, 0x6}, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000005000), 0x2}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)) 11:32:01 executing program 1: socket$unix(0x1, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)="4c0000001400197f09004b0101048c590188ffffcf3d34740600d4ff5bffff00e7e5ed7d00000000c8550000000000002758d60034650c0326356cdb47f6aaaa956086cbfe0db35200af4486", 0x4c}], 0x1) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 11:32:01 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x1) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x0, 0x0, 0x0, 0x8}, 0x0) 11:32:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:01 executing program 0: r0 = socket(0x0, 0x80002, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0x1000}, 0x1c2, 0x0) r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0xffffffffffffffdc) r3 = memfd_create(&(0x7f0000000280)='\n\x84I\xb8\xac\xa5\xfe\x06s\xb8a\xaa\xbam\xbe\")\xdav\x82\x16\xdd\xc1*%IM\xf8\xe0\x9c\xado\xd9F\x9a\fV\xf9\xf0\x03\x80\xf5\xf7G+\x8a\xa5a\x8c\xcc\x0e+\xf2Q\xab%\xf3\x02\x95M\x02\xf9E.\xa1I)\xe2\x1c\xf7\xca\xd1\xaf\xf8\xd2\xe9j2', 0x0) write$binfmt_script(r3, 0x0, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x5, 0xffffffffffffffff) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$alg(r0, &(0x7f0000001940), 0x492492492492329, 0x0) 11:32:01 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$vnet(0xffffffffffffffff, 0x0, 0x0) listen(r0, 0xffffffff) r1 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0xa0040, 0x0) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000280)=0x6f) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) 11:32:01 executing program 2: r0 = memfd_create(&(0x7f00000001c0)='v\x93\x8b\xc3\x00s\x82lV\xf6\x91\fEQ\xae\xbc\xe1\xc1\xa9\x8c\xe4\xf6G\xc6\x7f\xe1X4\xd5\x9c\'\x02\x17\xb0\xb4A?\xc9ZO57\xb7*\xa9\x97!\xec\x034\\\xc7v2\t\x02\xad\xf0GZ\xb8\x94S\x99/\x9cK\xe5\xde\xfa\xb4\xcd\xe6\xe0Q]\x19\x15\b\x95\x9a\x7f?\x03\x9f\xc1\xa8\xcf\x81\x8fb4-6\x01\xaaJ\xae\x88[ve\xf1\xfdp\xfcd[\x85\x8f8!u\xc4\xd3\x91\xbb\x14(\xaby\xf5jG<\xa6\xf0\x00\xfeK\x17\xfb \xbb\xf1\xb8\xaa\xf0mB\xb8\xe5|>bJ\xe7U\xc6\x81\x87\x9d\x10\xd6\xdbW\x94a\xdb\xde\x03\xdb\xb8\x1e\xc6U\xf7\x06\xad\x89X%}~\x7f\xb9\xdf\xa5\xd07tr\xc9\x86\xa4Ka\x9e\xbc\xcbh\xcd\xd0\xb7nD\x1d\aNZk\xc1o`\x1bv\x04|\x81K\x188\b\x15\xfav}\xadMc\xd2\xbc\xa4R\x00'/240, 0x3) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000100)={{0x0, 0x2710}, {0x77359400}}, 0x100) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x40}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x200000, 0x0) fchmodat(r4, &(0x7f0000000180)='./file0\x00', 0x20) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r2, 0x0) 11:32:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) [ 182.415823] encrypted_key: key user:syz not found 11:32:01 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:01 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0b"]) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:01 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000000)={0x6, @multicast1, 0x0, 0x0, 'dh\x00'}, 0x2c) 11:32:01 executing program 5: 11:32:01 executing program 0: 11:32:01 executing program 5: [ 182.644851] *** Guest State *** [ 182.654039] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7 [ 182.664698] audit: type=1804 audit(1555673521.442:44): pid=7423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir892520368/syzkaller.NkSnZp/6/file0/memory.events" dev="sda1" ino=16581 res=1 11:32:01 executing program 0: [ 182.716643] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871 [ 182.730754] CR3 = 0x0000000000000000 11:32:01 executing program 4: [ 182.743427] audit: type=1804 audit(1555673521.522:45): pid=7437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir597411413/syzkaller.rBJTou/5/file0/memory.events" dev="sda1" ino=16561 res=1 11:32:01 executing program 0: [ 182.787844] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 182.818075] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 11:32:01 executing program 5: [ 182.840730] overlayfs: filesystem on './file0' not supported as upperdir [ 182.868297] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 182.886889] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 182.921092] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 182.956301] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 182.977871] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 182.988833] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 182.999408] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 183.013813] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 183.022333] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 183.030635] GDTR: limit=0x00000000, base=0x0000000000000000 [ 183.038741] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 183.063257] IDTR: limit=0x00000000, base=0x0000000000000000 [ 183.082515] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 183.099371] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 183.108750] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 183.119533] Interruptibility = 00000000 ActivityState = 00000000 [ 183.131339] *** Host State *** [ 183.134719] RIP = 0xffffffff8117479a RSP = 0xffff888061847998 [ 183.144747] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 183.152916] FSBase=00007fdc10d85700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 183.164094] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 183.171825] CR0=0000000080050033 CR3=00000000926f5000 CR4=00000000001426e0 [ 183.174919] overlayfs: './file0' not a directory [ 183.178965] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff86201910 [ 183.193591] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 183.200407] *** Control State *** [ 183.204038] PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000c2 [ 183.211984] EntryControls=0000d1ff ExitControls=002fefff [ 183.217520] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 183.224631] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 11:32:02 executing program 2: 11:32:02 executing program 0: 11:32:02 executing program 4: 11:32:02 executing program 5: 11:32:02 executing program 1: 11:32:02 executing program 3: [ 183.231533] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 183.238917] reason=80000021 qualification=0000000000000000 [ 183.245776] IDTVectoring: info=00000000 errcode=00000000 [ 183.251983] TSC Offset = 0xffffff9b064babe6 [ 183.256485] EPT pointer = 0x00000000a4fe601e 11:32:02 executing program 2: 11:32:02 executing program 4: 11:32:02 executing program 1: 11:32:02 executing program 0: 11:32:02 executing program 5: 11:32:02 executing program 3: 11:32:02 executing program 4: 11:32:02 executing program 1: 11:32:02 executing program 2: 11:32:02 executing program 0: 11:32:02 executing program 5: 11:32:02 executing program 3: 11:32:02 executing program 2: 11:32:02 executing program 1: 11:32:02 executing program 4: 11:32:02 executing program 5: 11:32:02 executing program 3: 11:32:02 executing program 0: 11:32:02 executing program 2: 11:32:02 executing program 1: 11:32:02 executing program 3: 11:32:02 executing program 4: 11:32:02 executing program 5: 11:32:02 executing program 0: 11:32:02 executing program 1: 11:32:02 executing program 2: 11:32:02 executing program 3: 11:32:02 executing program 4: 11:32:02 executing program 5: 11:32:02 executing program 1: 11:32:02 executing program 0: 11:32:02 executing program 2: 11:32:02 executing program 4: 11:32:02 executing program 3: 11:32:02 executing program 1: 11:32:02 executing program 5: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) sched_setscheduler(0x0, 0x5, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00|']) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0xa5, 0x4000) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f00000001c0)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x10000, 0x0, 0xafb9, 0x1, 0xdca}) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'dunl0\x00B\xb5\xab*\x00\x00\x00\xee\x00'}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @pic={0x0, 0xe27}}) syz_genetlink_get_family_id$fou(0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0xaaaaaaaaaaaac5c, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:32:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223, 0x223}, @local, {[@lsrr={0x83, 0x7, 0x5ef, [@multicast1]}, @ssrr={0x89, 0x3}]}}, @igmp={0x0, 0x0, 0x0, @broadcast}}}}}, 0x0) 11:32:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x800000000000013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r2) 11:32:02 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x330b, 0x0) 11:32:02 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00') read(r0, 0x0, 0x0) [ 184.043200] audit: type=1804 audit(1555673522.832:46): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir911031019/syzkaller.4heOon/21/file0/memory.events" dev="sda1" ino=16589 res=1 11:32:02 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') lseek(r0, 0x1, 0x1) [ 184.105161] audit: type=1400 audit(1555673522.872:47): avc: denied { create } for pid=7525 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 11:32:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") close(0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='ip6gretap0\x00', 0x10) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000000000ba0080080002007f196be0", 0x24) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223, 0x223}, @local, {[@lsrr={0x83, 0x7, 0x5ef, [@multicast1]}, @ssrr={0x89, 0x3}]}}, @igmp={0x0, 0x0, 0x0, @broadcast}}}}}, 0x0) 11:32:02 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140), 0xc) getsockname(r0, 0x0, &(0x7f0000000180)) [ 184.134349] audit: type=1400 audit(1555673522.872:48): avc: denied { write } for pid=7525 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 11:32:03 executing program 4: r0 = socket(0x80000000000000a, 0x3, 0xff) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x9, 0x8000000000032, 0xffffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7261770000db0000000000000000000000000000000000000000000000000000020000001000"/72], 0x1) 11:32:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001df, 0x0) [ 184.251682] audit: type=1400 audit(1555673523.002:49): avc: denied { read } for pid=7525 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 11:32:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 11:32:03 executing program 5: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) sched_setscheduler(0x0, 0x5, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00|']) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000001bc0)=""/245, 0xf5}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000002d80)=""/29, 0x1d}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:03 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000480), 0x10000000000003b8, 0x0) 11:32:03 executing program 2: syz_emit_ethernet(0xa6, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x2], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="d5af449a0f3ba60232"], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f000004d000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000003c000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000040000/0x2000)=nil, &(0x7f000004b000/0x4000)=nil, &(0x7f000003c000/0x2000)=nil, &(0x7f000004e000/0x3000)=nil, &(0x7f0000000300)="53f991d2622923bb61ac69bd069fccedb1d187178e497f01b8928afda59812aad36de1bc081b1f97a9156cea436bc64f56cbdd74901350a99e5e168e373dd2a901dd40f6d0fd8129afc8f12d784baf19aab917b8aa95cbb58eb153fbb53041955afa80d327c9ff4fe758a919a090fa8c3893337d4a9eddfe47f9bd380934914a2a00e7d888498e77037f6c8c35ea0851935f116f7b5486418a86a5268a0b6c26f480a97fcf784094c5037f6cb4c595522e96a3fd3d141516257b0118907543092b481d9c180d455f318698ad6d7744dc710d28b9503f48e8f63278d5468979f4bea52d963e7a8cc1cb7e83e2f5a87c19c121da241cec6b9c7fc3b8438f9fe27df3bbac342e7fde9362b2c28398dae1322b1069b2ae7c3f8177b7dea322460d55f0479e75c11cdaca2f3f10e29461939709c0407386a76730d0a0f6514973b50c93b490ddc96e83af91c411c49c3faa8ec64747ef1ca9572e5f523ef1f79675f1f2ed574411e83b25dd0dcc75cac5e154aca485521b4d325c97daf453c54e1e6a6fb1d158a9b05e4376366d04b2e6b0642dbc1b7ceeeb97a17c7f11a5bdad7eec8ecabfe03ebb6eb86e72a938bc98fe9afaa94de477d4584ab208f6747a39eac450e6bcf76c4ad54214e35f1ea009a0dbc17126072fb6f260637f288ad5aa0af81603c4cebaa7a672803436101e37f5084d7c4afc87f7025580fb27883a3e498c32b940d1ddfd86c5c6cf425f02f974ea078b091e6716733dacf3e63bbc76877be761fe95d9a86d0628bfbd4ba5e90dbfdbeeeede77b5bfb838f22b3d91722f3afc8c6b09ea931866d6dbd8afed61bec03c1ece12ddd3e69162a8eff86e8ad8fd885819aa194064b9dbc9104491c38327c37a05e68d90e9f4b8680a720edd70b4c18d608d6d3ae4db7104c537bf8c9d74354c25616bf959fca28dc4a441848fb2416db3eb797015466a6eac89f06cc729a5a5836a750a71fc6ac16d5e69fe2e59947a7c74ae76233fa25b21960575c52357846307954a491c3bd21c68523154cbdba94aae51bd2ef6dfcf0b5d74defc9d5828723f2341e830f8255bc01b8a5de988f7fb1975c78cc8580067db4ed0917823d5b77ee6f313ac41c8e8d2d445029f332428212bac76a4c444a154b20152f989101a4fd421906338a19503d51eddcc6508852d5804778b36bbd520e60d8bf05bd6b087f6552f982a8f1f684fcfdeb17ce852fd91bc674944252c87d350bd030ef10ac82758c1db71ba6c328b9e19746f61f0c602675b1934c94a9fd4a2757a740201e635d56bb57b68550eaa74983028c62aefd0eea9eac1b35161e4ec1356fa895dd095d19f7598a85fa320665eb916fde99452b12f4e09363738244a52dbfd1acd98c2e0d3bb1a97afe7e423df35d428dc0db7f38ebf53a9d6cf4f03968187f7253899e85fab76f075c90bf3ca8a681808b0fb91f956a2a15e18591a245793d5db72eecd123ed04f74e2153994e25fdfcc23c8bb362890a0e689dc7420c411592c58d81e0cda23eccf77febcf969fc4dded5f77b9311986fb1b33bcb262b48af050d245b59f7865d44105f309abda99ca88e857d1af6686dee2161c3bae53d8507ba1304fa133d2a60e9fd5acba5650d87e371945ee99b2e05111b995df4635d40687cc220930c5f07db1103dc7106e00ceb7a4e3b4290541843706934d54ff6d907c3b6800b93b0abbfebbcea9bae14337610fa8b7b3ea8ecf067a48e21341ce476253ca5e8b714a8451695ff14685ea73ad2a7bb45bfdfce6e7382971581fa8a470610f0304c184d1853deb6d7ee3be29fa9af2ec919227a6636d21c702feb827eba6c8e64181000c8168874b9d20f4a89e9110db599f1e57958db5dec66c3e7626e12d871faac0839ba3040fc6d5b087d150715ecaa2f4a4355fa5a52916e8d0116dfab8b36f330cd3e99b5ae2243c87ad5b123b2f7ee3993e1f1a8be93601a8f8298295bbf5040c2666463ed0a65a732668aa8be57de7f12ea4f5354b57f5c5c0401f8978b3032db2ff965c2fde98a996cf34d564fe180ede99df33748b7680240aae665d1afbc68124f1ab0bea1f36ac42a00c431c0377f0fa9c0f98db9dd5aced1d5fc35aadb788f8019fd8224e3e7de8056d9b101b37ce88b0f73166a45dd0f3e5c37ad15ee79e30cb3c0dcabea5a36b0fbb1e49e7a32056735b0604b0b78714924c77179c69bcd948c336e1980d52feabb979a4f492412696372d39fa70c6abccd284c49d8ca9d3710311542d09e55fcd12c1ad07b573c50b1c8f39294a16575b28bdd1ff856372085c26a991f889310364d2c950b8ae862f14884fdb6b648e7f0f3016cd14fcd75d4079d5f84e34bb8c1b9fba6d91c378728744736bd7f517364ccab26557dcfe4b84fa2935553d7971390063de46da65624ad7103f6aff4c6ebd4b494f2e01d845b9dd4f046ed805ba04ed2bfd11e2ccd355836c55b076fbe3d3def91a934d9db4e2606159c4eef2dbb712b3abbf612ec757d5ac38c5faafe146238b8ddc57fc4fc16532255bf2b4b80ed8bc6585ee218e102b7b5b3ad11b7bc8e618f5d66eeef03e4c594c21c72fcc462705e6a2e405bb6c04f5390a512d5d272ac42955fb9117dccd07bda7ab325028c071bb74c4d344d912c9f8ad6af462c1d4468e9cf36f228a003d5323e50943ecbae58862f295390b5aeed18d9f421744e5e2c5d22125c1cc358cf87a0c8569c89e5e7e5292a2a623aca85c1f2f5232abb6504e0944d778396d04fb3d386665f0efbf66aab78293649bd2f956b3382234984370a22065c0547f13a7dcb601879e3c3ee28d3d1c642eefeef80c885a9b6609f138137838fba3fbddef8c291187d951b6ea494832c3003a66372a150e7c446a25d16ebf077af7266e55cf852f8556444b9a6c76273fc44cebb25956912b1519d482e6badfdc9a0a4aa2078d8117bed4f990f6d0fafe8919da2ee91ee48f9f90d4bd7f9af595839e5333a6e2668ae837460bf7deac98594361659e9b9105dafa2f6949b5900f52a3d16fac186aaf710bcbf9aee376ba389ec0f4ea387755baf4575f353c4b687ffce2ec248c3afb90e9ea751708b75cef06300dbf15d967ee9d2beb282603a5c787d9a2317eec750458ce15b1ce5ff3f772964f1194939f23d2ef44da1cbfeeca1e3ddb7287c69d04fde90c1f385f8a48944a8f1c6b3500c7b4f943df549a5cde04e83d2cb804763b207792fb8bfab0402767b5e4936f6e429bc71ec73783c7cd296fbb749396377cb8386cbbd41152521765d9451bf3dcc0af93699c44bbd11d03514a8a5f00a6084116e675a38e255006500b28f36154f6b7ef8cde8495dd6efa639f0ddbea9b92534c842e9e625d6b3fc7192e56d3acae73c51253f42e6dfd8b78bd584353afde976fa5577b33b03ace0f1c40b78423959a0192589dd3a4f681dae2bc0a04cd7cb0eafa333af7a77d7525ed4d41d9621665134060a8109419f6b3d7b8f175f2286048a0affb7aecc88180871d35e1be594ad76b0910f0ea0424c5ba342ad8705a095b42376f55bb39b8efbb6ac4af1b82f7c3cb2d34fa1bbfd58cc48ba1c50daf16235bd671fabe098651076c8eeaa02c9b6e70e7d2f4342d552294fe5b09505df1f261c659daf853a022b67eacc5cadfc028ea8d219465c175cf329f56a38208ff821096a8a8dac10c0b6dc2e4fa76b009792a6eaeaf32213de5dc244a7b4ab6ad9238c511579607c5219db41c483f05c834ab4326195983d98586ae5ddc39f0ea0e31988b23e2bae94dd213f96e68c9b32a46503747ddba75700699c1df43089f2af873439c6ccec0b0c3f19089945e417e5a8538d07b35c0a8dcdfa3ccc1a96c610b2f0d4079e78b5c52734a0750fc47c99266400acd80a9f12c9f87d562ca1544864e7fdb3978c519afe2ab708374a158908e72d7c5b81ca50437a5c030057d6cdac3e491e911ffd34bea5509b39adb015b71ea27b235e338928658f3eef8faa1204f47c6fba6b3a4343981ea2d333d46dc8e7638a506917b954e4549dac8c8cc4822ecabdd0a0bf4dbadc4676b3702435165210586efa9392815d75b25a7279c64b6596eff5988f3ca7f83a8cde67dcc696058d924bf777096214a43c4e74e24e07f64786b70e9a2caa2923aacd98453aa76546c40f61c23d821249f76a9d0999ff9ee6ca7d40a80990a0b26c5fae81c098d0920fb67326fbe9fec2c1bf7aad59cf8e7863bbafcd9d723b3507b456e8eb50f4d7b3df56048b495c6f9d5e85bfd110d99f0458b8fb631d413ab7afcdbb79d242224d1cb53b7c5b9e778fd445f9b9bcb761a454ade09e2561107e69518cddd82e488bbefd5c78c4d60572213e38bb146fcc6f043b66a45c868074d39d055ba413021cb207c7dd86f020244368e8f7e4be431725df64ce669ed50dcc28c83f98d2cf86ba296d0807d72d206816a5e19d36fef0f0d30a0a5b7008787b115988447ba9d8c448c2df21578e3f6bfe8ef92c34b413cc4e23dff42f70523951038b20213da39e1301c32214624439c5b94ea431f3f2d4cf179f6bd2bab4f8012faf83ea9108de5b9e6a4e38545dd639d20e11ad4af38b088c023dae81b31e42c5628c302410a05308388250fed4165539017402330362743325cae042fb39912a25d585567aabafb964003a356a40a27c42ae0b09ee3a27c17b966338bc74eb2ba20d49bf15005e3bad98622d2a142f623ecdad35e60373c383ad644b14379ed75e1f151ba579a34e309cdadcad1627e66942a2c79aa904a2c5083ef957", 0xd36}, 0x68) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000003b000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:32:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vlan0\x00', 0xd803}) [ 184.529094] audit: type=1804 audit(1555673523.312:50): pid=7570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir911031019/syzkaller.4heOon/21/file0/file0/memory.events" dev="sda1" ino=16531 res=1 11:32:03 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:03 executing program 2: mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) chdir(0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) timer_create(0x0, 0x0, 0x0) times(0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) timer_create(0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='net/tcp\x00\xcdWq\xe9*\a4g\a^\x90\xb6\xe4kH2\x80/\x88\xb6\xbb\xeb`\xb8@#\x83tH\xae\xa4y\x1d\\]\x93\x93\xb5e\xd9\xd4\xb8A# \xc8*s\xd0g>\x16\xabM\x7foK\xec\x17f\xb9x\x11\xbf\xab\x16\xc5\xcb\x94\xff\x1c\xa0\x01\xb3I\x1c\xb9\xcc\xbb\xbe\x9c\xd0!\x13\xe1\xbc.\xfaG3\x85\xe0,') sendfile(r0, r1, &(0x7f0000000080), 0x80000003) 11:32:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) 11:32:03 executing program 4: futex(&(0x7f000000cffc)=0x2000000000000004, 0x109, 0x4, 0x0, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x223) 11:32:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)={0x5, 0x0, [{0x40000000, 0x2, 0x2, 0x80000000, 0x9}, {0x40000001, 0x3cf3, 0x81, 0x9, 0x3f}, {0xc000001b, 0x2, 0xffff, 0x3, 0x2e}, {0x7}, {0xa, 0x2}]}) [ 184.819823] audit: type=1804 audit(1555673523.602:51): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir911031019/syzkaller.4heOon/22/file0/memory.events" dev="sda1" ino=16569 res=1 11:32:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) 11:32:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r1, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x1) 11:32:03 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000280)={'lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\xce\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00\x13\x00 \x00\x00\x00\x03\x00', 0x101}) 11:32:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) 11:32:03 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000300)={0x1000, 0x9, 0x69}) clone(0x2102009ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pipe2$9p(&(0x7f0000000040), 0x84800) openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x2, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cachefiles\x00', 0x2000, 0x0) creat(&(0x7f0000000380)='./file0\x00', 0x1) write$P9_RLCREATE(r0, 0x0, 0x29a) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000740)=@nat={'nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0x19, 0x1, 0x0, [0x20000000, 0x0, 0x0, 0x20000030, 0x20000060], 0x0, 0x0, 0x0}, 0x108) poll(&(0x7f0000000100)=[{r0}], 0x1, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000000)={0x0, @aes256}) ioctl$EVIOCGREP(r0, 0x4004743c, 0x0) 11:32:03 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000080)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x2, 0x0, 0x0, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) 11:32:03 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x2000000) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) dup3(r0, r1, 0x0) sendto$inet6(r0, &(0x7f00000005c0), 0xfffffffffffffd47, 0x0, 0x0, 0x0) 11:32:04 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:04 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11:32:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000001bc0)=""/245, 0xf5}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000002cc0)=""/172, 0xac}, {&(0x7f0000002d80)=""/29, 0x1d}], 0x4}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:04 executing program 3: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000002000/0x4000)=nil) 11:32:04 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x1004e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f0000000440), 0x400000000000211, 0x0) 11:32:04 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) [ 185.400737] device lo entered promiscuous mode [ 185.473084] device lo left promiscuous mode [ 185.478832] device lo entered promiscuous mode 11:32:04 executing program 5: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) mremap(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000004000/0x2000)=nil) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x6100) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0xf642e7e) 11:32:04 executing program 2: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:04 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() fsetxattr$security_evm(r0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000200)='overlay\x00', 0x41000, &(0x7f00000002c0)={[{@index_off='index=off'}], [{@dont_hash='dont_hash'}, {@hash='hash'}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@smackfstransmute={'smackfstransmute'}}]}) lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x5, &(0x7f0000000040)) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0bfce8be9442e5de490cbb0be96b2c6530f4d45fe9a8759d32531180"]) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x80000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:04 executing program 0: r0 = socket$kcm(0x10, 0x210000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="23000000420081aee405e9a4000000000000151dc8f51ea5d24700000000b187000000", 0x23}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000014680)={0x0, 0x0, 0x0}, 0x0) 11:32:04 executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:04 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') lseek(r0, 0xffffffffffffffff, 0x3) 11:32:04 executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:04 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x40106309}], 0x0, 0x0, 0x0}) [ 185.672619] audit: type=1804 audit(1555673524.462:52): pid=7689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir090232143/syzkaller.J7QWQr/20/file0/memory.events" dev="sda1" ino=16600 res=1 11:32:04 executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) [ 185.768912] binder: 7698:7700 BC_ACQUIRE_DONE u0000000000000000 no match [ 185.797543] binder: 7698:7701 BC_ACQUIRE_DONE u0000000000000000 no match 11:32:04 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) [ 185.904374] md: invalid raid superblock magic on ram0 [ 185.924185] md: ram0 does not have a valid v0.0 superblock, not importing! [ 185.938742] md: md_import_device returned -22 [ 186.017286] audit: type=1804 audit(1555673524.802:53): pid=7686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir597411413/syzkaller.rBJTou/20/file0/memory.events" dev="sda1" ino=16543 res=1 [ 186.160398] audit: type=1804 audit(1555673524.802:54): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir090232143/syzkaller.J7QWQr/20/file0/file0/memory.events" dev="sda1" ino=16542 res=1 11:32:05 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x1004e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f0000000440), 0x400000000000211, 0x0) 11:32:05 executing program 1: socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:05 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x2808003102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$TCSETS2(r0, 0x402c542b, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) [ 186.300670] md: invalid raid superblock magic on ram0 [ 186.325347] md: ram0 does not have a valid v0.0 superblock, not importing! [ 186.336961] md: md_import_device returned -22 [ 186.434972] overlayfs: './file0' not a directory [ 186.454089] audit: type=1804 audit(1555673525.242:55): pid=7686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir597411413/syzkaller.rBJTou/20/file0/memory.events" dev="sda1" ino=16543 res=1 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:05 executing program 2: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000002000/0x4000)=nil) 11:32:05 executing program 1: socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = socket(0x40000000015, 0x805, 0x0) getsockopt(r1, 0x114, 0x2710, &(0x7f0000af0fe7)=""/13, &(0x7f0000000000)=0xfcfe) 11:32:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) 11:32:05 executing program 4: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xffffffffffffff7f}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x4}) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) read(r2, &(0x7f0000481000)=""/128, 0x80) 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) [ 186.546559] md: invalid raid superblock magic on ram0 [ 186.554709] md: ram0 does not have a valid v0.0 superblock, not importing! [ 186.564043] md: md_import_device returned -22 11:32:05 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() fsetxattr$security_evm(r1, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000200)='overlay\x00', 0x41000, &(0x7f00000002c0)={[{@index_off='index=off'}], [{@dont_hash='dont_hash'}, {@hash='hash'}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@smackfstransmute={'smackfstransmute'}}]}) lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r2, 0x5, &(0x7f0000000040)) lstat(0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0bfce8be9442e5de490cbb0be96b2c6530f4d45fe9a8759d32531180"]) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:05 executing program 1: socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000010000000000000000"], 0x98}}, 0x0) 11:32:05 executing program 2: syz_emit_ethernet(0x211d49, &(0x7f0000000000)={@local, @empty=[0x2, 0x7], [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x32, 0x0, @ipv4={[0x2], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff83, 0x0, 0x0, 0x0, [0x9, 0x29], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 186.653762] md: invalid raid superblock magic on ram0 [ 186.688898] md: ram0 does not have a valid v0.0 superblock, not importing! [ 186.737132] md: md_import_device returned -22 [ 186.782880] audit: type=1804 audit(1555673525.572:56): pid=7764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir708425314/syzkaller.8r77to/24/file0/memory.events" dev="sda1" ino=16527 res=1 [ 186.901154] overlayfs: './file0' not a directory [ 186.914049] audit: type=1804 audit(1555673525.702:57): pid=7770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir708425314/syzkaller.8r77to/24/file0/memory.events" dev="sda1" ino=16527 res=1 11:32:05 executing program 5: clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000480)='./file0\x00', 0x1043, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000300)=""/11, 0xb) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) ioctl$TCSETAW(r1, 0x5407, 0x0) msgctl$IPC_RMID(r0, 0x0) 11:32:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x0) 11:32:05 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() fsetxattr$security_evm(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000200)='overlay\x00', 0x0, 0x0) lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x5, &(0x7f0000000040)) lstat(0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0bfce8be9442e5de490cbb0be96b2c6530f4"]) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x80000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:05 executing program 2: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)) 11:32:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:05 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) [ 187.149150] overlayfs: missing 'lowerdir' 11:32:05 executing program 2: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000140)="410f01f964ff0941c3c4e2c99758423eded8738d66420fe2e33ea163917b1f00000000c442019dcc6f") clone(0x2808003102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) ioctl$TCSETS2(r0, 0x402c542b, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 11:32:06 executing program 0: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:06 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x0) 11:32:06 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_triestat\x00') lseek(r0, 0x1, 0x0) [ 187.264464] md: invalid raid superblock magic on ram0 [ 187.291310] md: ram0 does not have a valid v0.0 superblock, not importing! [ 187.314650] md: md_import_device returned -22 [ 187.412380] overlayfs: missing 'lowerdir' [ 187.418048] overlayfs: './file0' not a directory 11:32:08 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140), 0xc) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 11:32:08 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x0) 11:32:08 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$netlink(0x10, 0x3, 0x40000000010) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x6c, r1, 0xc01, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @empty={[0x60]}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 11:32:08 executing program 0: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="10630840"], 0x0, 0xfdfdffff, 0x0}) 11:32:08 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 11:32:09 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000001400)='dctcp\x00', 0xffab) sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 190.145446] md: invalid raid superblock magic on ram0 [ 190.159254] binder: 7840:7843 Acquire 1 refcount change on invalid ref 0 ret -22 [ 190.160185] Bearer rejected, not supported in standalone mode [ 190.168438] md: ram0 does not have a valid v0.0 superblock, not importing! [ 190.183580] binder: 7840:7843 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 190.210983] md: md_import_device returned -22 11:32:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, 0x0}, 0x0) 11:32:09 executing program 0: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:09 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) r0 = getpid() lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0bfce8be9442e5de490cbb0be96b2c6530f4d45fe9a8759d32531180"]) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:09 executing program 5: r0 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_proto_private(r0, 0x89e1, &(0x7f0000000080)) [ 190.267449] binder: 7840:7856 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 190.278458] binder: 7840:7856 BC_DEAD_BINDER_DONE 0000000000000000 not found 11:32:09 executing program 5: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") symlink(&(0x7f0000000500)='.\x00', &(0x7f00000004c0)='./file0\x00') umount2(&(0x7f00000001c0)='./file0/../file0/file0\x00', 0x80000000002) 11:32:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000300)='/dev/video#\x00', 0x0, 0x2) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000bc8000)) readv(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/168, 0xa8}], 0x1) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/net/pfkey\x00', 0x30203, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f00000004c0)={{0x2, 0xee, 0x0, 0x20, 0x0, 0x400}, 0x2}) 11:32:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, 0x0}, 0x0) [ 190.326333] md: invalid raid superblock magic on ram0 [ 190.339769] md: ram0 does not have a valid v0.0 superblock, not importing! [ 190.354704] md: md_import_device returned -22 11:32:09 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, 0x0}, 0x0) [ 190.446466] md: invalid raid superblock magic on ram0 [ 190.451813] md: ram0 does not have a valid v0.0 superblock, not importing! [ 190.459162] md: md_import_device returned -22 [ 190.554164] kauditd_printk_skb: 1 callbacks suppressed [ 190.554174] audit: type=1804 audit(1555673529.342:59): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir708425314/syzkaller.8r77to/28/file0/memory.events" dev="sda1" ino=16629 res=1 [ 190.695661] overlayfs: './file0' not a directory [ 190.705995] audit: type=1804 audit(1555673529.492:60): pid=7890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir708425314/syzkaller.8r77to/28/file0/memory.events" dev="sda1" ino=16629 res=1 11:32:09 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000080)="f3e100575cc2c9734e424a2664f0ff064a460f3038082e67660e0f01da450f73f500c4e1b971e300feabc4aba39de50c420fae9b72af7111bc02") 11:32:09 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x40086303}], 0x0, 0x0, 0x0}) 11:32:09 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)}, 0x0) 11:32:09 executing program 4: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) r0 = getpid() lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531007c778e0bfce8be9442e5de490cbb0be96b2c6530f4d45fe9a8759d32531180"]) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) [ 190.946589] binder: 7840:7892 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 190.953925] binder: 7840:7843 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 190.960969] binder: 7840:7856 BC_DEAD_BINDER_DONE 0000000000000000 not found 11:32:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)}, 0x0) [ 191.006607] binder: 7895:7903 BC_FREE_BUFFER u0000000000000000 no match [ 191.019136] md: invalid raid superblock magic on ram0 [ 191.026459] binder: 7895:7906 BC_FREE_BUFFER u0000000000000000 no match [ 191.044437] md: ram0 does not have a valid v0.0 superblock, not importing! 11:32:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = memfd_create(&(0x7f0000000040)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 191.068805] md: md_import_device returned -22 11:32:09 executing program 5: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") exit(0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}) [ 191.218864] audit: type=1804 audit(1555673530.002:61): pid=7897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir708425314/syzkaller.8r77to/29/file0/memory.events" dev="sda1" ino=16612 res=1 11:32:10 executing program 2: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) syz_execute_func(&(0x7f0000000140)="410f01f964ff0941c3c4e2c99758423eded8738d66420fe2e33ea163917b1f00000000c442019dcc6f") clone(0x2808003102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$TCSETS2(r0, 0x402c542b, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 11:32:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)}, 0x0) 11:32:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[]}}, 0x0) [ 191.358691] md: invalid raid superblock magic on ram0 [ 191.377521] md: ram0 does not have a valid v0.0 superblock, not importing! [ 191.398559] md: md_import_device returned -22 11:32:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000002cc0)=""/172, 0xac}, {&(0x7f0000002d80)=""/29, 0x1d}], 0x3}}], 0x1, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:10 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[]}}, 0x0) 11:32:10 executing program 4: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000002000/0x4000)=nil) r0 = getpid() process_vm_writev(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/182, 0xb6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f0000000240)=""/127, 0x7f}, {&(0x7f0000000500)=""/34, 0x20}, {&(0x7f00000002c0)=""/60, 0x3c}, {&(0x7f0000000300)=""/201, 0xc9}], 0x6, &(0x7f0000000940)=[{&(0x7f0000000580)=""/127, 0x7f}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000680)=""/87, 0xac}, {&(0x7f0000000700)=""/117, 0xfffffee0}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000840)=""/220, 0xdc}], 0x7, 0x0) 11:32:10 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:10 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:10 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0x4007, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x8100) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x20, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x20004000) r5 = creat(&(0x7f0000000100)='./file0\x00', 0x80) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000040)=0x80) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x8880, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1, 0x6, 0x5, 0x0, 0x7, 0x0, {0x58aab2d5, 0x3, 0x9, 0x7, 0x0, 0xffffffff7fffffff, 0x3, 0x4, 0x23, 0x8001, 0x0, 0x1ff, 0xe1, 0x0, "8badb5826877ecabf2bfc60bd9a585d5d56d034227387c09c6f72fa6ba291ad4"}}) epoll_create1(0x80000) ioctl$KVM_RUN(r2, 0xae80, 0x0) bind$vsock_dgram(r5, 0x0, 0x0) 11:32:11 executing program 2: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(0x0, 0x0) getpid() mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1\x00']) chdir(&(0x7f0000000380)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[]}}, 0x0) 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:11 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000000)={0x1f, {0x0, 0x0, 0x100000001}}, 0xa) 11:32:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{&(0x7f0000002e00)=@ipx, 0x80, &(0x7f0000003380)=[{&(0x7f0000002e80)=""/31, 0x1f}, {&(0x7f0000002ec0)=""/217, 0xd9}, {&(0x7f0000002fc0)=""/240, 0xf0}, {&(0x7f00000030c0)=""/187, 0xbb}, {&(0x7f0000003180)=""/34, 0x22}, {&(0x7f00000031c0)=""/58, 0x3a}, {&(0x7f0000000180)=""/191, 0xbf}, {&(0x7f00000032c0)=""/100, 0x64}, {&(0x7f0000003340)=""/15, 0xf}], 0x9, &(0x7f0000003440)=""/4096, 0x1000}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) dup3(r0, r1, 0x0) 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x40140921, &(0x7f0000000040)={0xfff, 0x1, 0x0, 0x0}) 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB]}}, 0x0) 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, 0x0) 11:32:11 executing program 4: 11:32:11 executing program 3: [ 192.304141] audit: type=1804 audit(1555673531.092:62): pid=7994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir090232143/syzkaller.J7QWQr/29/file0/memory.events" dev="sda1" ino=16654 res=1 11:32:11 executing program 4: [ 192.535659] overlayfs: filesystem on './file0' not supported as upperdir [ 192.581035] audit: type=1804 audit(1555673531.372:63): pid=8023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir090232143/syzkaller.J7QWQr/29/file0/file0/memory.events" dev="sda1" ino=16638 res=1 11:32:11 executing program 3: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, 0x0) 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB]}}, 0x0) 11:32:11 executing program 4: 11:32:11 executing program 5: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESTART(r0, 0xc0401273, 0x0) 11:32:11 executing program 2: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, 0x0) 11:32:11 executing program 3: 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB]}}, 0x0) 11:32:11 executing program 4: 11:32:11 executing program 5: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0}) 11:32:11 executing program 3: 11:32:11 executing program 4: 11:32:11 executing program 5: 11:32:11 executing program 3: 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a00"/76], 0x4c}}, 0x0) 11:32:11 executing program 2: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0}) 11:32:11 executing program 4: 11:32:11 executing program 5: 11:32:11 executing program 3: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0}) 11:32:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a00"/76], 0x4c}}, 0x0) 11:32:11 executing program 2: 11:32:11 executing program 4: 11:32:11 executing program 3: 11:32:11 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x0, 0x0, 0x0}) 11:32:11 executing program 5: 11:32:12 executing program 2: 11:32:12 executing program 3: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a00"/76], 0x4c}}, 0x0) 11:32:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000001bc0)=""/245, 0xf5}, {&(0x7f0000000380)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:12 executing program 5: 11:32:12 executing program 2: 11:32:12 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x0, 0x0, 0x0}) 11:32:12 executing program 3: 11:32:12 executing program 5: 11:32:12 executing program 2: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd000000000500"], 0x72}}, 0x0) 11:32:12 executing program 0: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x40140921, &(0x7f0000000040)={0xfff, 0x0, 0x0, 0x0}) 11:32:12 executing program 4: 11:32:12 executing program 2: 11:32:12 executing program 5: 11:32:12 executing program 3: 11:32:12 executing program 0: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd000000000500"], 0x72}}, 0x0) 11:32:12 executing program 4: 11:32:12 executing program 3: 11:32:12 executing program 5: 11:32:12 executing program 0: 11:32:12 executing program 2: 11:32:12 executing program 4: 11:32:12 executing program 5: 11:32:12 executing program 2: 11:32:12 executing program 0: 11:32:12 executing program 3: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd000000000500"], 0x72}}, 0x0) 11:32:12 executing program 4: 11:32:12 executing program 5: 11:32:12 executing program 3: 11:32:12 executing program 0: 11:32:12 executing program 2: 11:32:12 executing program 4: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000"], 0x85}}, 0x0) 11:32:12 executing program 2: 11:32:12 executing program 3: 11:32:12 executing program 5: 11:32:12 executing program 0: 11:32:12 executing program 2: 11:32:12 executing program 4: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000"], 0x85}}, 0x0) 11:32:12 executing program 5: 11:32:12 executing program 3: 11:32:12 executing program 0: 11:32:12 executing program 4: 11:32:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000"], 0x85}}, 0x0) 11:32:12 executing program 2: 11:32:12 executing program 5: 11:32:12 executing program 3: 11:32:12 executing program 0: 11:32:12 executing program 4: 11:32:12 executing program 3: 11:32:12 executing program 2: 11:32:13 executing program 5: 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000"], 0x8f}}, 0x0) 11:32:13 executing program 0: 11:32:13 executing program 3: 11:32:13 executing program 4: 11:32:13 executing program 5: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 11:32:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x8802, 0x0) 11:32:13 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x1004e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f0000000440), 0x400000000000211, 0x810) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000"], 0x8f}}, 0x0) 11:32:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000001bc0)=""/245, 0xf5}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000002cc0)=""/172, 0xac}, {&(0x7f0000002d80)=""/29, 0x1d}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xfffffffffffffcca, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x40000000042, 0x105}, 0x14}}, 0x0) 11:32:13 executing program 3: 11:32:13 executing program 2: 11:32:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000300)=ANY=[@ANYBLOB="6d616e676c650000000000000000000000000000000000000000a005000058024f9f80a3306e074fd9ab0d8dd0d93c7d71c54c000000000000000000b00400000000000000000000e800000000000000000000000000d5"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff0200000040000000000000000000"], 0x8f}}, 0x0) 11:32:13 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x101}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 11:32:13 executing program 2: getpid() r0 = syz_open_procfs(0x0, 0x0) lseek(r0, 0x0, 0x3) syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) sendfile(r1, r1, 0x0, 0x20) sendfile(r1, r1, &(0x7f0000000180), 0x7f8) mount(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000240)) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x8000) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 11:32:13 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00\f#\x9f\xd0\x85\xac\xc4\x9b\x81-\xb3\xd7=C\xea', 0x200002, 0x0) fchdir(r0) r1 = inotify_init() r2 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./control\x00', 0x40) renameat2(r2, &(0x7f0000000040)='./control\x00', r2, &(0x7f0000036000)='./file0\x00', 0x2) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000"], 0x94}}, 0x0) [ 194.615034] audit: type=1400 audit(1555673533.402:64): avc: denied { map } for pid=8243 comm="syz-executor.2" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=30663 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 194.672737] device lo left promiscuous mode [ 194.691469] device lo entered promiscuous mode [ 194.708978] device lo left promiscuous mode 11:32:13 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000040)={0x0, @multicast2, 0x0, 0x0, 'none\x00'}, 0x2c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="606b9a974a00000127bd7000ffdbdf17ae1f005d8f023414be080300b302f11cfcdf74dfaf5e4d56cc06b7d7cd00000f000200080001d970"], 0x1}}, 0x0) lsetxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00fb150000adcc94c0ff0000000000000104"], 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x60, &(0x7f0000000000)={0x0, @empty, 0x0, 0x0, 'dh\x00', 0x0, 0x0, 0x400}, 0x2c) 11:32:13 executing program 0: r0 = socket(0x20000000000000a, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") getsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000dbb000), &(0x7f0000000040)=0x4) 11:32:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$unix(0x1, 0x5, 0x0) close(r2) close(r1) pipe(&(0x7f00000000c0)) close(r2) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000"], 0x94}}, 0x0) 11:32:13 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0xa, 0x5, 0x6d, 0x8000000000000002, 0x0, 0x0}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000100)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000040), 0x0}, 0x18) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000"], 0x94}}, 0x0) 11:32:13 executing program 3: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffd8) 11:32:13 executing program 5: clone(0x0, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000080)='./file0\x00', 0x8025, 0x0) execve(0x0, 0x0, 0x0) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)=[&(0x7f0000000100)='^mime_type,\x00', &(0x7f0000000180)='}\x00']) 11:32:13 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) 11:32:13 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f323c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f0000000340)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180), 0x10) sendto$inet(r1, &(0x7f0000000040), 0xffdd, 0x0, 0x0, 0xfffffffffffffdb6) 11:32:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff020000004000000000000000000001000000000000"], 0x96}}, 0x0) 11:32:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001140)="0adc03263c343f319bd070") r1 = getpgrp(0x0) r2 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xffffffffffffff7f}, 0x0, 0x8) rt_tgsigqueueinfo(r1, r2, 0x11, &(0x7f0000000000)) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) read(r3, &(0x7f0000481000)=""/128, 0x20481080) 11:32:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 11:32:13 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c12") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release={0x40046307}], 0x0, 0x0, 0x0}) 11:32:13 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:14 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff020000004000000000000000000001000000000000"], 0x96}}, 0x0) 11:32:14 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0xfffffffffffffffd, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) 11:32:14 executing program 3: syz_emit_ethernet(0x3e, &(0x7f0000000080)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x2, 0x0, 0x0, 0x0, 0x6, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8864, 0x11, 0x0, @local, @dev}}}}}}, 0x0) [ 195.224062] binder: 8315:8320 Acquire 1 refcount change on invalid ref 0 ret -22 [ 195.233634] audit: type=1400 audit(1555673534.012:65): avc: denied { block_suspend } for pid=8312 comm="syz-executor.4" capability=36 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 195.251563] binder: 8315:8320 DecRefs 0 refcount change on invalid ref 0 ret -22 11:32:14 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff020000004000000000000000000001000000000000"], 0x96}}, 0x0) [ 195.308300] binder: 8314:8325 unknown command 0 [ 195.325519] binder: 8314:8325 ioctl c0306201 200002c0 returned -22 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:14 executing program 5: creat(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001380)='/dev/fuse\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) close(r0) [ 195.353422] audit: type=1400 audit(1555673534.062:66): avc: denied { map } for pid=8314 comm="syz-executor.2" path="/dev/binder0" dev="devtmpfs" ino=613 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 195.366688] binder: release 8314:8325 transaction 2 out, still active [ 195.395876] binder: BINDER_SET_CONTEXT_MGR already set 11:32:14 executing program 3: r0 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_proto_private(r0, 0x89e1, &(0x7f0000000080)="a2") [ 195.424886] binder: 8314:8325 ioctl 40046207 0 returned -16 [ 195.424985] binder_alloc: 8314: binder_alloc_buf, no vma 11:32:14 executing program 0: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x28) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0519c73c7f000000000000000000ef3bd40677800225cdb6b960b174950500000000000000cfe6a20000000000000100000001000000fffff9"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 11:32:14 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000000000"], 0x97}}, 0x0) [ 195.465539] binder: 8314:8341 transaction failed 29189/-3, size 24-8 line 2917 [ 195.468089] binder: unexpected work type, 4, not freed [ 195.514281] binder: undelivered TRANSACTION_COMPLETE 11:32:14 executing program 2: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) creat(0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x8000000000000800, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:14 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/164, 0xa4}], 0x1, 0x0) 11:32:14 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000000000"], 0x97}}, 0x0) [ 195.547955] audit: type=1400 audit(1555673534.082:67): avc: denied { set_context_mgr } for pid=8314 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 195.578383] binder: undelivered TRANSACTION_ERROR: 29189 11:32:14 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00\x92\x9dgh\xc7\x0e\xd1\xbb\x14\x00\xc5]V\xa2\xcc\xf3\x0e\xe0') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x0) 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 195.617336] binder: send failed reply for transaction 2, target dead 11:32:14 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) sendmsg(r0, &(0x7f0000000cc0)={&(0x7f00000000c0)=@in={0x2, 0x4e21, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="380000000000000029000000320000008624d2d2a497f3fdf0f70b9b385b3452a4516cb59fe0073261ec66feb8da24f33f00000000000000"], 0x38}, 0x0) 11:32:14 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000313000000000000000000000005000600000000000a0000000000000000000000000000000000ffff000000000d0000000000000005000900880000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000fd0000000005000500000000000a00000000000000ff02000000400000000000000000000100000000000000"], 0x97}}, 0x0) [ 195.672054] audit: type=1400 audit(1555673534.092:68): avc: denied { call } for pid=8314 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 195.716592] audit: type=1400 audit(1555673534.092:69): avc: denied { transfer } for pid=8314 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 11:32:14 executing program 5: creat(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001380)='/dev/fuse\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) close(r0) 11:32:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release={0x40046307}], 0x0, 0x0, 0x0}) 11:32:14 executing program 3: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f000000bfc8)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000440)="5500000018007fafb62d1cb2a4a280930206000000a843096c26236925000b0021000000000000000000a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1}, 0x0) 11:32:14 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000000)=""/148, 0x7b}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ip6_mr_cache\x00') r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") preadv(r0, &(0x7f0000000700), 0xdd, 0x67) 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x1000000, 0x0, 0x0}) [ 195.888519] binder: 8389 invalid dec weak, ref 8 desc 0 s 1 w 0 11:32:14 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:14 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, 0x0}) 11:32:14 executing program 1: mknod(&(0x7f0000000080)='./file0\x00', 0x8025, 0x0) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)=[&(0x7f0000000100)='^mime_type,\x00']) 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:14 executing program 5: mkdir(0x0, 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() fsetxattr$security_evm(r1, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000200)='overlay\x00', 0x41000, &(0x7f00000002c0)={[{@index_off='index=off'}], [{@dont_hash='dont_hash'}, {@hash='hash'}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@smackfstransmute={'smackfstransmute'}}]}) lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r2, 0x5, &(0x7f0000000040)) lstat(0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000380)='./file0\x00') perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x80000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100000, 0x500001c) [ 196.000895] binder: 8405:8411 ioctl c0306201 20000180 returned -14 [ 196.005049] binder: 8407:8412 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 11:32:14 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:14 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='yeah\x00', 0x5) sendto$inet(r1, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0xf7) 11:32:14 executing program 1: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d00007d5500010c00020000002201f6f00061"], 0x2c}}, 0x0) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) exit_group(0x0) 11:32:14 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 196.088679] binder: 8407:8426 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 11:32:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) sendmmsg(r0, &(0x7f00000092c0), 0x800010b, 0x18) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$rtc(&(0x7f0000000180)='/dev/rtc#\x00', 0x0, 0x100) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) prctl$PR_GET_SECCOMP(0x15) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000280)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000100)='./bus\x00') 11:32:14 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:15 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x20000000007, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:15 executing program 0: mkdir(&(0x7f000002b000)='./file0\x00', 0x0) r0 = creat(&(0x7f0000002500)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f00000000c0)={0x1}) 11:32:15 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) [ 196.299751] overlayfs: missing 'lowerdir' [ 196.315255] FAT-fs (loop3): bogus number of reserved sectors 11:32:15 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f00000011c0), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}}}, 0x90) [ 196.360300] FAT-fs (loop3): Can't find a valid FAT filesystem [ 196.521746] audit: type=1804 audit(1555673535.312:70): pid=8442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir911031019/syzkaller.4heOon/58/file0/memory.events" dev="sda1" ino=16614 res=1 [ 196.632033] overlayfs: missing 'lowerdir' [ 196.651149] audit: type=1804 audit(1555673535.442:71): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir911031019/syzkaller.4heOon/58/file0/file0/memory.events" dev="sda1" ino=16637 res=1 11:32:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)=@ipv4_newroute={0x24, 0x18, 0xe01, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@RTA_GATEWAY={0x8, 0xb, @rand_addr=0x75f}]}, 0x24}}, 0x0) 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:15 executing program 2: syz_emit_ethernet(0x0, 0x0, 0x0) 11:32:15 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0) r0 = syz_open_pts(0xffffffffffffff9c, 0x84100) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000040)={0x9, 0x3, 0x7fffffff, 0x12, 0x18, 0x2, 0xffff, 0x22, 0x2, 0x54c2}) syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) getegid() ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) ioctl$BLKTRACESTOP(r2, 0x1275, 0x0) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) 11:32:15 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') read(r0, 0x0, 0x39f) 11:32:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup(0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="10630840"], 0x0, 0xfdfdffff, 0x0}) 11:32:15 executing program 2: syz_emit_ethernet(0x0, 0x0, 0x0) 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 196.802083] binder: 8482:8486 BC_DEAD_BINDER_DONE 0000000000000000 not found 11:32:15 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000700)='./bus\x00', 0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) sync_file_range(r1, 0x0, 0x0, 0x7) 11:32:15 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000140)=""/246) 11:32:15 executing program 2: syz_emit_ethernet(0x0, 0x0, 0x0) 11:32:15 executing program 5: r0 = gettid() clone(0x804007ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) getrandom(&(0x7f0000000080)=""/44, 0xfd30, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x83, 0x800, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_config_ext={0xfffffffffffffffa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00r%\xf7\x83\x80\x80}\xdePS`\x18A\xa0\xd0\xf8+t7HR\xb0\x1f\x12Y\x97b-\xc4\xa5\xe7\x1d,\xe5\xac2\xff\x90\x82O\xa2^Y\a\x04\x89M\xa7@\xf7\xe9\xc0\xff\xb4,5j\x1f([\xfc\x8f\v\x8cor\xef\x15\x1d\xabL\\*Zu\x1f\x04\xbf\xc6\x9a\xc5\xc3\xb5\x16\x8am\x13\xd8&\xb1\xed\fu\'\xd5\x8fT\xad\xc1/\xca\x1f%\xc8\xfc%\x86\xeaM\x90\xf8M\xab\xcd\xec)\x1f\xb7\x80\xa3\x9a\x11}\x12\xb0\x89;\x18 \x98\xdc\xee\xd3;\"*\x1dA7\t\xae5]M)\x7f\xe4,]N\x9d\x8b\xbd\x9d\fp\x9c\xaeG\xe8\x8f\x8a\xa2\xaaP[>\x99[P\x1f\r7S\xcd5\x10\xe8t6a+@\x13\x05\xf3\x16\x17\x7fmMLp\xfd\x9d&!\xc3pz\xd8\x8d\xa7\x85%\x96\xd8\x9aY\xcbtP^gZ\xc6\xeb\xc0?\xaa>\xe9\x98\x89\x17kW\x115\x03\x1a\xfc\x97\xce\xc4]\"\xfdh\xc5\xbd\f\x9d\xce\tby(A\x1b\x83\xf6\x8b\xf7\xbeK!\xfd\xf0\x03<\xf9I\xb8\xa7j\xa6]h\xad\x88Yg\xc2\xcc<-`\xect\xfc\xf5\xde\x16,\x94\xff\xe3\xe1Wu\xc1\xa1\xcf\xd9\x81\x8dL\x17\xa2\xf8\xd0\xa70%8\xf0y\xe7\xb1(\xef\x12<\x8b\xb9\t\x00\x00\x00\x00\x00\x00\x008\x14\xc2\xae\xa8l5\xfb\xf4$Jdc]2\xff\x12\xe4\xdc\xb3\xdfV\xe5\xd5\xd3\x88*\x99\x84\x99?\x8a\x7f\xefr\xd8u\xd2\x1c\x1e;\xb2\xbc>ny\xa2\xb6\xd3\"\xf7\x10\xf07\x8a\xbc \x95\xd3!9\xe3\x9f2#\xdb\x99a0\x92\x95\xe4\xc3\xc8\xe1\xb0\x00\x1d\xd7W\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\xec\xa8\f{\f\x00', 0x0) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f0000000380), &(0x7f00000001c0), 0x1000) ptrace(0x10, r0) 11:32:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) creat(0x0, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x8000000000000800, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) sched_setattr(0x0, 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release={0x40046307}], 0x0, 0x0, 0x0}) [ 196.927117] audit: type=1804 audit(1555673535.712:72): pid=8502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir436206414/syzkaller.PPza3l/75/file0/bus" dev="ramfs" ino=31407 res=1 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:15 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:15 executing program 1: 11:32:15 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:15 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) [ 197.082687] binder: 8525 invalid dec weak, ref 14 desc 0 s 1 w 0 [ 197.097794] audit: type=1804 audit(1555673535.712:73): pid=8502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir436206414/syzkaller.PPza3l/75/file0/file0/bus" dev="ramfs" ino=31420 res=1 11:32:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="10630840"], 0x0, 0xfdfdffff, 0x0}) 11:32:15 executing program 3: creat(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001380)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) close(r0) 11:32:15 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) sched_setattr(0x0, 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") [ 197.144436] binder: 8525 invalid dec weak, ref 16 desc 0 s 1 w 0 11:32:18 executing program 5: 11:32:18 executing program 4: r0 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:18 executing program 1: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x2], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:18 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:18 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r1) close(r2) pipe(&(0x7f0000000240)) writev(r2, &(0x7f0000001800)=[{&(0x7f0000000380)="49c1a0a7c13cd7438ea541835f3b97671f67e6ff419a8c34e9ccd1a2c5a7fc8bec717c61545e0ce219f5a3603c88ac27b79051a851a4e0776680848ebde1bc945efab82e5b2470a1004b110b9591dd291b3b800e6648e2f852e03dee2595280b968168e35f93f8c7bdc784d3d0092d7b5f924dde89e6494b116aba0b7fae5508ecf89d77", 0x84}], 0x1) splice(r0, 0x0, r2, 0x0, 0xc0, 0x0) read(r1, &(0x7f0000000280)=""/131, 0x83) write$binfmt_misc(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=' '], 0x1) write(r0, &(0x7f0000000080)="2400000012005f3414f9f40700090400818a0400"/36, 0x24) 11:32:18 executing program 3: creat(&(0x7f0000000300)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001380)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) close(r0) 11:32:18 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:18 executing program 1: [ 199.959165] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 199.997532] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 11:32:18 executing program 4: r0 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:18 executing program 0: 11:32:18 executing program 5: 11:32:18 executing program 1: 11:32:18 executing program 3: 11:32:18 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:18 executing program 0: 11:32:18 executing program 4: r0 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:18 executing program 5: 11:32:19 executing program 1: 11:32:19 executing program 0: 11:32:19 executing program 3: 11:32:19 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="033cf52a10e5", @random="029cce98941b", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0x29c, 0x543, 0x700, 0x5, 0x500000000003f00, 0x5], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x7], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3, 0x0, 0x0, 0x5]}, @mcast2}}}}}}}, 0x0) 11:32:19 executing program 5: 11:32:19 executing program 4: r0 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 1: 11:32:19 executing program 3: 11:32:19 executing program 0: 11:32:19 executing program 5: 11:32:19 executing program 3: 11:32:19 executing program 0: 11:32:19 executing program 2: 11:32:19 executing program 1: 11:32:19 executing program 0: 11:32:19 executing program 4: r0 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 5: 11:32:19 executing program 3: 11:32:19 executing program 2: 11:32:19 executing program 1: 11:32:19 executing program 5: 11:32:19 executing program 3: 11:32:19 executing program 0: 11:32:19 executing program 1: 11:32:19 executing program 4: r0 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 2: 11:32:19 executing program 5: 11:32:19 executing program 3: 11:32:19 executing program 0: 11:32:19 executing program 2: 11:32:19 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 1: 11:32:19 executing program 5: 11:32:19 executing program 0: 11:32:19 executing program 3: 11:32:19 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 1: 11:32:19 executing program 5: 11:32:19 executing program 2: 11:32:19 executing program 0: 11:32:19 executing program 3: 11:32:19 executing program 5: 11:32:19 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 0: 11:32:19 executing program 1: 11:32:19 executing program 2: 11:32:19 executing program 3: 11:32:19 executing program 5: 11:32:19 executing program 1: 11:32:19 executing program 0: 11:32:19 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 0: 11:32:19 executing program 2: 11:32:19 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:19 executing program 5: 11:32:19 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flock(r0, 0x1) 11:32:19 executing program 3: r0 = socket(0x40000000015, 0x40000000000005, 0x0) setsockopt(r0, 0x100000114, 0x3f, &(0x7f0000c63ffc)='\x00\x00\x00\x00', 0x4) 11:32:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:32:20 executing program 5: 11:32:20 executing program 2: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x10020006004, 0x1) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='udf\x00', 0x0, 0x0) 11:32:20 executing program 3: 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:20 executing program 3: mkdir(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfsplus(0x0, &(0x7f0000000540)='./file0\x00', 0x0, 0x1, &(0x7f0000000700)=[{&(0x7f0000000580), 0x0, 0x10001}], 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f00000004c0)=""/39, 0x27, 0x10020, 0x0, 0x0) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008108e00f80ecdb4cb904021d65ef0b007c05e87c55a1bc000900b80040990300000000000000130c812fa8000b000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x80) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) 11:32:20 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) finit_module(r0, 0x0, 0x0) 11:32:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x4000) [ 201.280789] print_req_error: 14 callbacks suppressed [ 201.280796] print_req_error: I/O error, dev loop5, sector 64 [ 201.292407] print_req_error: I/O error, dev loop5, sector 256 [ 201.299636] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 201.363382] print_req_error: I/O error, dev loop5, sector 512 [ 201.372209] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 11:32:20 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') lseek(r0, 0x40000000000, 0x0) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 201.419082] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.468127] UDF-fs: Scanning with blocksize 512 failed [ 201.497794] print_req_error: I/O error, dev loop5, sector 64 [ 201.541066] print_req_error: I/O error, dev loop5, sector 512 [ 201.549627] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.563959] print_req_error: I/O error, dev loop5, sector 1024 [ 201.570011] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.595603] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.602806] UDF-fs: Scanning with blocksize 1024 failed [ 201.608495] print_req_error: I/O error, dev loop5, sector 64 [ 201.629854] print_req_error: I/O error, dev loop5, sector 1024 [ 201.636022] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.645833] print_req_error: I/O error, dev loop5, sector 2048 [ 201.651928] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.661432] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.668374] UDF-fs: Scanning with blocksize 2048 failed [ 201.674167] print_req_error: I/O error, dev loop5, sector 64 [ 201.680923] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.690321] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.699494] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.706519] UDF-fs: Scanning with blocksize 4096 failed [ 201.711947] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1) [ 201.720827] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.729872] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.738796] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.745767] UDF-fs: Scanning with blocksize 512 failed [ 201.751601] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.760678] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.769528] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.776972] UDF-fs: Scanning with blocksize 1024 failed [ 201.782918] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.792209] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.801135] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 201.808071] UDF-fs: Scanning with blocksize 2048 failed [ 201.813946] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 201.823029] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 201.831969] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found 11:32:20 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) finit_module(r0, 0x0, 0x0) 11:32:20 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000480), 0x10000000000003b8, 0x0) 11:32:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x100000000000, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)={[{0x800000000002b, 'pids'}]}, 0x6) 11:32:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flock(r0, 0x1) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700)=[{&(0x7f0000000000)='E', 0x1}], 0x1) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 201.838893] UDF-fs: Scanning with blocksize 4096 failed [ 201.844463] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1) 11:32:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='utf8=1,iocharset=iso8859-6,errors=continue']) 11:32:20 executing program 2: sched_setaffinity(0x0, 0xffffffffffffff26, &(0x7f0000000140)=0x1) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000080)={0xc2af, 0x1}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x1) fcntl$addseals(r1, 0x409, 0x2) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffd8) setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x800, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x400) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000780)={0x633181562ee64afa}) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) 11:32:20 executing program 0: [ 201.985493] FAT-fs (loop3): bogus number of reserved sectors 11:32:20 executing program 1: mknod$loop(&(0x7f0000000140)='./file0\x00', 0x10020006004, 0x1) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='udf\x00', 0x0, 0x0) syz_execute_func(&(0x7f0000000100)="3e0f8a00000100c402a19ef3460f745932dbc046d9e10f937893660f17befaffffff3626663ea541d2827670759cc401905e17") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000140)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) 11:32:20 executing program 5: clock_gettime(0x0, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) lstat(0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x100000000000, 0x4b) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)={[{0x800000000002b, 'pids'}]}, 0x6) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) [ 202.026462] FAT-fs (loop3): Can't find a valid FAT filesystem 11:32:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release={0x40046306, 0xfdfdffff00000000}], 0x0, 0x0, 0x0}) 11:32:20 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 202.108027] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 11:32:20 executing program 3: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r1) close(r2) pipe(&(0x7f0000000240)) splice(r0, 0x0, r2, 0x0, 0xc0, 0x0) read(r1, &(0x7f0000000280)=""/131, 0x38) write$binfmt_misc(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=' '], 0x1) write(r0, &(0x7f0000000080)="2400000012005f3414f9f40700090400818a0400"/36, 0x24) 11:32:21 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 202.163904] binder: 8787:8794 Acquire 1 refcount change on invalid ref 0 ret -22 [ 202.173706] FAT-fs (loop2): bogus number of reserved sectors [ 202.185067] FAT-fs (loop2): Can't find a valid FAT filesystem [ 202.205818] binder: 8787:8794 Release 1 refcount change on invalid ref 0 ret -22 11:32:21 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) finit_module(r0, 0x0, 0x1) 11:32:21 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 202.272990] binder: 8787:8794 Acquire 1 refcount change on invalid ref 0 ret -22 [ 202.307490] binder: 8787:8809 Release 1 refcount change on invalid ref 0 ret -22 11:32:21 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 202.333812] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 202.507279] FAT-fs (loop2): bogus number of reserved sectors [ 202.527581] FAT-fs (loop2): Can't find a valid FAT filesystem 11:32:21 executing program 2: sched_setaffinity(0x0, 0xffffffffffffff26, &(0x7f0000000140)=0x1) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000080)={0xc2af, 0x1}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x1) fcntl$addseals(r1, 0x409, 0x2) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffd8) setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x800, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x400) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) 11:32:21 executing program 3: 11:32:21 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) [ 202.726915] FAT-fs (loop2): bogus number of reserved sectors [ 202.733431] FAT-fs (loop2): Can't find a valid FAT filesystem [ 428.001856] INFO: task syz-executor.1:8798 blocked for more than 140 seconds. [ 428.009682] Not tainted 4.14.112 #2 [ 428.019421] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.027453] syz-executor.1 D29744 8798 7140 0x00000004 [ 428.041424] Call Trace: [ 428.044035] __schedule+0x7be/0x1cf0 [ 428.047747] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.057679] ? _raw_spin_unlock_irq+0x28/0x90 [ 428.062215] schedule+0x92/0x1c0 [ 428.065581] rwsem_down_write_failed+0x5cd/0xbe0 [ 428.075147] ? rwsem_down_read_failed+0x380/0x380 [ 428.079996] ? save_trace+0x290/0x290 [ 428.085011] ? ns_test_super+0x50/0x50 [ 428.088912] call_rwsem_down_write_failed+0x17/0x30 [ 428.098790] ? call_rwsem_down_write_failed+0x17/0x30 [ 428.104021] down_write+0x53/0x90 [ 428.107469] ? grab_super+0x5e/0x140 [ 428.116670] grab_super+0x5e/0x140 [ 428.120246] ? ns_test_super+0x50/0x50 [ 428.124130] sget_userns+0x2b3/0xc30 [ 428.127843] ? kill_litter_super+0xa0/0xa0 [ 428.136976] ? kill_litter_super+0xa0/0xa0 [ 428.141266] ? ns_test_super+0x50/0x50 [ 428.145154] ? ns_test_super+0x50/0x50 [ 428.149037] ? kill_litter_super+0xa0/0xa0 [ 428.158179] sget+0xd6/0x120 [ 428.161250] mount_bdev+0xd5/0x370 [ 428.164791] ? udf_load_vrs+0xae0/0xae0 [ 428.168763] udf_mount+0x35/0x40 [ 428.177310] mount_fs+0x9d/0x2a7 [ 428.180774] vfs_kern_mount.part.0+0x5e/0x3d0 [ 428.185296] do_mount+0x417/0x27d0 [ 428.188847] ? copy_mount_string+0x40/0x40 [ 428.198131] ? memdup_user+0x58/0xa0 [ 428.201894] ? copy_mount_options+0x1fe/0x2f0 [ 428.206399] SyS_mount+0xab/0x120 [ 428.209843] ? copy_mnt_ns+0x8c0/0x8c0 [ 428.218601] do_syscall_64+0x1eb/0x630 [ 428.222532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.227385] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.237546] RIP: 0033:0x458c29 [ 428.242263] RSP: 002b:00007f90aa759c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 428.249978] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 428.262640] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000080 [ 428.269920] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 428.279240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90aa75a6d4 [ 428.289566] R13: 00000000004c4c0e R14: 00000000004d8888 R15: 00000000ffffffff [ 428.298795] [ 428.298795] Showing all locks held in the system: [ 428.308151] 1 lock held by khungtaskd/1007: [ 428.312694] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 428.321935] 2 locks held by getty/7092: [ 428.325909] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.334641] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.343995] 2 locks held by getty/7093: [ 428.347964] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.356703] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.366057] 2 locks held by getty/7094: [ 428.370049] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.378734] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.388104] 2 locks held by getty/7095: [ 428.392106] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.400839] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.410161] 2 locks held by getty/7096: [ 428.414125] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.422857] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.432184] 2 locks held by getty/7097: [ 428.436152] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.444889] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.454225] 2 locks held by getty/7098: [ 428.458192] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 428.466941] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 428.476296] 2 locks held by syz-executor.1/8798: [ 428.481093] #0: (&bdev->bd_fsfreeze_mutex){+.+.}, at: [] mount_bdev+0x76/0x370 [ 428.490252] #1: (&type->s_umount_key#59){+.+.}, at: [] grab_super+0x5e/0x140 [ 428.499197] [ 428.500864] ============================================= [ 428.500864] [ 428.508835] NMI backtrace for cpu 0 [ 428.512710] CPU: 0 PID: 1007 Comm: khungtaskd Not tainted 4.14.112 #2 [ 428.519289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.528642] Call Trace: [ 428.531235] dump_stack+0x138/0x19c [ 428.534868] nmi_cpu_backtrace.cold+0x57/0x94 [ 428.539368] ? irq_force_complete_move.cold+0x7d/0x7d [ 428.544564] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 428.549845] arch_trigger_cpumask_backtrace+0x14/0x20 [ 428.555029] watchdog+0x5d8/0xb80 [ 428.558488] kthread+0x31c/0x430 [ 428.561850] ? reset_hung_task_detector+0x20/0x20 [ 428.566687] ? kthread_create_on_node+0xd0/0xd0 [ 428.571365] ret_from_fork+0x3a/0x50 [ 428.575266] Sending NMI from CPU 0 to CPUs 1: [ 428.580267] NMI backtrace for cpu 1 [ 428.580271] CPU: 1 PID: 8785 Comm: syz-executor.1 Not tainted 4.14.112 #2 [ 428.580276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.580279] task: ffff88805e362180 task.stack: ffff88805ea18000 [ 428.580282] RIP: 0010:debug_smp_processor_id+0x1c/0x20 [ 428.580285] RSP: 0018:ffff88805ea1f678 EFLAGS: 00000292 [ 428.580290] RAX: 0000000000000001 RBX: ffff8880886d6be0 RCX: ffffc9000a448000 [ 428.580294] RDX: 0000000000040000 RSI: ffffffff82d7e11c RDI: ffffffff869d15c0 [ 428.580297] RBP: ffff88805ea1f678 R08: 0000000000000000 R09: ffff88805e362a48 [ 428.580301] R10: ffff88805e362a28 R11: ffff88805e362180 R12: ffffea00024453dc [ 428.580304] R13: 0000000001420848 R14: ffff8880886d6be0 R15: dffffc0000000000 [ 428.580308] FS: 00007f90aa77b700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 428.580311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 428.580315] CR2: 00007f1f0e9c3000 CR3: 00000000a9fb3000 CR4: 00000000001406e0 [ 428.580318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 428.580322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 428.580324] Call Trace: [ 428.580327] rcu_is_watching+0x15/0xb0 [ 428.580329] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 428.580332] find_get_entry+0x32c/0x520 [ 428.580335] pagecache_get_page+0x4a/0x750 [ 428.580337] __getblk_gfp+0x24b/0x710 [ 428.580340] __bread_gfp+0x2e/0x290 [ 428.580342] udf_tread+0xe8/0x130 [ 428.580345] udf_read_tagged+0x40/0x4b0 [ 428.580347] udf_check_anchor_block+0x19b/0x580 [ 428.580350] ? blkdev_ioctl+0x10e/0x1880 [ 428.580353] ? udf_process_sequence+0x37d0/0x37d0 [ 428.580365] ? __lock_is_held+0xb6/0x140 [ 428.580368] udf_scan_anchors+0x3ef/0x5a0 [ 428.580371] ? udf_check_anchor_block+0x580/0x580 [ 428.580373] ? udf_get_last_session+0xe0/0xe0 [ 428.580376] ? udf_tread+0xf0/0x130 [ 428.580378] udf_load_vrs+0x5c4/0xae0 [ 428.580381] ? udf_scan_anchors+0x5a0/0x5a0 [ 428.580384] ? udf_bread+0x1f0/0x1f0 [ 428.580387] ? lockdep_init_map+0x9/0x10 [ 428.580389] udf_fill_super+0x727/0x157f [ 428.580392] ? udf_load_vrs+0xae0/0xae0 [ 428.580394] ? snprintf+0xa5/0xd0 [ 428.580396] ? vsprintf+0x40/0x40 [ 428.580399] mount_bdev+0x2c1/0x370 [ 428.580401] ? udf_load_vrs+0xae0/0xae0 [ 428.580404] udf_mount+0x35/0x40 [ 428.580406] mount_fs+0x9d/0x2a7 [ 428.580409] vfs_kern_mount.part.0+0x5e/0x3d0 [ 428.580411] do_mount+0x417/0x27d0 [ 428.580414] ? copy_mount_string+0x40/0x40 [ 428.580416] ? memdup_user+0x58/0xa0 [ 428.580419] ? copy_mount_options+0x1fe/0x2f0 [ 428.580422] SyS_mount+0xab/0x120 [ 428.580424] ? copy_mnt_ns+0x8c0/0x8c0 [ 428.580427] do_syscall_64+0x1eb/0x630 [ 428.580429] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.580432] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.580435] RIP: 0033:0x458c29 [ 428.580437] RSP: 002b:00007f90aa77ac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 428.580444] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 428.580447] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000020000080 [ 428.580451] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 428.580454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90aa77b6d4 [ 428.580458] R13: 00000000004c4c0e R14: 00000000004d8888 R15: 00000000ffffffff [ 428.580460] Code: e9 96 fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 c7 f3 84 fe 48 c7 c6 80 15 9d 86 48 c7 c7 c0 15 9d 86 e8 94 fd ff ff <5d> c3 66 90 55 48 89 e5 41 54 49 89 fc e8 a2 f3 84 fe 4c 89 e6 [ 428.580842] Kernel panic - not syncing: hung_task: blocked tasks [ 428.926146] CPU: 0 PID: 1007 Comm: khungtaskd Not tainted 4.14.112 #2 [ 428.932725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.942176] Call Trace: [ 428.944768] dump_stack+0x138/0x19c [ 428.948392] panic+0x1f2/0x438 [ 428.951576] ? add_taint.cold+0x16/0x16 [ 428.955545] ? ___preempt_schedule+0x16/0x18 [ 428.959959] watchdog+0x5e9/0xb80 [ 428.963415] kthread+0x31c/0x430 [ 428.966774] ? reset_hung_task_detector+0x20/0x20 [ 428.971611] ? kthread_create_on_node+0xd0/0xd0 [ 428.976284] ret_from_fork+0x3a/0x50 [ 428.981134] Kernel Offset: disabled [ 428.984761] Rebooting in 86400 seconds..