[info] Using makefile-style concurrent boot in runlevel 2. [ 27.024444] audit: type=1800 audit(1545618666.356:21): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.076874] sshd (6013) used greatest stack depth: 15728 bytes left Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts. 2018/12/24 02:31:18 fuzzer started 2018/12/24 02:31:19 dialing manager at 10.128.0.26:33943 2018/12/24 02:31:20 syscalls: 1 2018/12/24 02:31:20 code coverage: enabled 2018/12/24 02:31:20 comparison tracing: enabled 2018/12/24 02:31:20 setuid sandbox: enabled 2018/12/24 02:31:20 namespace sandbox: enabled 2018/12/24 02:31:20 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 02:31:20 fault injection: enabled 2018/12/24 02:31:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 02:31:20 net packet injection: enabled 2018/12/24 02:31:20 net device setup: enabled 02:33:45 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) [ 186.475080] IPVS: ftp: loaded support on port[0] = 21 02:33:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) syz_open_pts(r0, 0x0) pipe(&(0x7f0000000580)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8d}, 0x0, &(0x7f0000000040)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) close(r0) [ 186.746929] IPVS: ftp: loaded support on port[0] = 21 02:33:46 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xcc) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5d2d023c126285718070") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000139ff0)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000002440)=[{&(0x7f00000024c0)="a2", 0x1}], 0x1}, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 187.087204] IPVS: ftp: loaded support on port[0] = 21 02:33:46 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 187.430540] IPVS: ftp: loaded support on port[0] = 21 02:33:47 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0xffffffffffffff2f, 0x0, 0x0, 0x0, 0xfffffeef, 0xfffffffffffffffd}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 187.948400] IPVS: ftp: loaded support on port[0] = 21 02:33:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) getgid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) getgroups(0x0, 0x0) getpgrp(0x0) getpid() write$binfmt_aout(r1, &(0x7f0000006c40)=ANY=[@ANYBLOB="10"], 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$security_ima(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240)='security.ima\x00', 0x0, 0x0, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x8) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000380)={'bond_slave_1\x00'}) fstat(0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) [ 188.221774] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.239060] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.257384] device bridge_slave_0 entered promiscuous mode [ 188.378623] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.405729] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.413136] device bridge_slave_1 entered promiscuous mode [ 188.538162] IPVS: ftp: loaded support on port[0] = 21 [ 188.545990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.669711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.795957] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.802428] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.836906] device bridge_slave_0 entered promiscuous mode [ 188.941751] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.975787] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.990637] device bridge_slave_1 entered promiscuous mode [ 189.118646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.186734] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.248468] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.298134] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.312771] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.326772] device bridge_slave_0 entered promiscuous mode [ 189.391466] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.488082] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.496082] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.503452] device bridge_slave_1 entered promiscuous mode [ 189.565893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.630321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.650992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.666270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.675381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.708375] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.797478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.810312] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.965509] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.982942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.007595] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.014086] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.030408] device bridge_slave_0 entered promiscuous mode [ 190.067194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.091488] team0: Port device team_slave_0 added [ 190.112032] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.134755] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.142698] device bridge_slave_0 entered promiscuous mode [ 190.152591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.177903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.225840] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.232221] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.248394] device bridge_slave_1 entered promiscuous mode [ 190.258027] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.264390] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.280002] device bridge_slave_1 entered promiscuous mode [ 190.289435] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.314303] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.331983] team0: Port device team_slave_1 added [ 190.388208] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.410160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.429492] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.489433] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.534228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.549825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.579074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.652061] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.682419] team0: Port device team_slave_0 added [ 190.711078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.723807] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.745907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.755939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.795297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.838950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.848758] team0: Port device team_slave_1 added [ 190.854664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.904274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.923465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.934763] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.942442] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.951415] device bridge_slave_0 entered promiscuous mode [ 190.963292] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.989876] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.008748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.024488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.040050] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.091366] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.103939] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.116085] device bridge_slave_1 entered promiscuous mode [ 191.129310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.147326] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.157639] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.174260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.212802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.229453] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.237350] team0: Port device team_slave_0 added [ 191.244887] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.263775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.287261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.325951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.373708] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.391784] team0: Port device team_slave_1 added [ 191.401587] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.412144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.427824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.466150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.584682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.669035] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.708620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.725483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.770650] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.784695] team0: Port device team_slave_0 added [ 191.809801] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.836215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.866525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.911306] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.919774] team0: Port device team_slave_0 added [ 191.935080] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.944844] team0: Port device team_slave_1 added [ 191.954857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.983744] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.027259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.046311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.074319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.095709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.103642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.162665] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.171099] team0: Port device team_slave_1 added [ 192.190203] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.236505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.313825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.321052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.332690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.388695] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.421362] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.438739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.449619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.496961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.595053] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.601615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.608743] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.615151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.627803] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.690674] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.725869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.733872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.809088] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.822170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.838961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.935720] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.949223] team0: Port device team_slave_0 added [ 192.972718] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.979118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.985829] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.992196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.020966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.055729] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 193.067487] team0: Port device team_slave_1 added [ 193.136921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.260251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.376736] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.383938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.404805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.443933] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.450346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.457100] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.463485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.493699] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.504982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 193.515778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.532183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.596104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.603949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.624209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.134853] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.141307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.148021] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.154386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.166687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.443833] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.450270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.456983] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.463419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.489324] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.605841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.626083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.994518] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.000992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.007735] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.014106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.041380] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 195.615967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.033878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.317927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.479719] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.771257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.790353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.005679] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.012018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.046400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.069455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.188730] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.194979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.204439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.378605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.531085] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.551773] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.563600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.741050] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.887434] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.905711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.925997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.964662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.156076] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.162306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.169722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.356373] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.362565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.386554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.407706] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.422651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.591529] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.827350] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.923816] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.329248] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.336507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.347238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.753261] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.566690] hrtimer: interrupt took 37728 ns 02:34:01 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:02 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:02 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:02 executing program 0: ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:02 executing program 0: ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:02 executing program 0: ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) [ 203.443667] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem 02:34:02 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/pid\x00') close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, 0x0) 02:34:02 executing program 0: r0 = syz_open_dev$midi(0x0, 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) [ 203.491869] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 203.574034] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 203.582252] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size [ 204.102497] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 204.110752] FAT-fs (loop5): Filesystem has been set read-only [ 204.119901] FAT-fs (loop5): error, invalid access to FAT (entry 0x00006500) [ 204.127601] FAT-fs (loop5): error, invalid access to FAT (entry 0x00006500) [ 204.139506] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 204.151384] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 0) 02:34:03 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x0, 0x0) clone(0x802182001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000000000000712600000000000035060000ff000000bf25000000000000070500000e0000000f65000000000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d43010000000000950000000000000061540000000000006b25000000000000070500000e0000000f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], 0x0}, 0x48) r1 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x6, 0x2000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) exit(0x5853) fremovexattr(r1, &(0x7f00000002c0)=@random={'trusted.', '-vboxnet0cpuset\x00'}) 02:34:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:03 executing program 0: r0 = syz_open_dev$midi(0x0, 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:03 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:03 executing program 4: mknod(&(0x7f0000000140)='./bus\x00', 0x8001, 0x236161bc) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="71125314040400ff0002"], 0x1) pwritev(r0, &(0x7f0000001640)=[{&(0x7f0000000000), 0xffffff91}], 0x1, 0x0) pwritev(r0, &(0x7f0000000540)=[{&(0x7f0000004180)="b9", 0x1}], 0x1, 0x0) 02:34:03 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x0, 0x0) clone(0x802182001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0xfffffffffffffffe, 0x0, 0x4, 0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4c4, 0xd3, 0x0, 0xfffffffffffffbff, 0x0, 0x0, 0x1d5b, 0x0, 0x0, 0x5, 0x3, 0x0, 0x7, 0x101, 0x0, 0x0, 0x5, 0xf8, 0x1, 0x6991, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0xec, 0x7, 0xb7, 0xfffffffffffffff9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000000000000712600000000000035060000ff000000bf25000000000000070500000e0000000f65000000000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d43010000000000950000000000000061540000000000006b25000000000000070500000e0000000f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], 0x0}, 0x48) r1 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x6, 0x2000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) exit(0x5853) fremovexattr(r1, &(0x7f00000002c0)=@random={'trusted.', '-vboxnet0cpuset\x00'}) 02:34:03 executing program 0: r0 = syz_open_dev$midi(0x0, 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) [ 204.336297] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem 02:34:03 executing program 2: mknod(&(0x7f0000000000)='./bus\x00', 0x80b0, 0x6c7) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1, 0x0) write(r0, &(0x7f0000000380)="5b8ecb1b8e725c3e6199f9b3aa27470a3c53c6664364deec53030fdaf4dcf9e2d94937420dd07e4317adcce329342ebfda13de2b323a60326b9b470d3b756d6c69f934135aebdb1e52a7f762e560cdd0a603d829c72471692c4d61b10dccf9d0e60b658da77857e399e38d477f71fe726904ff309965c68cee48c679c144745e997726328bebd18b0d7d1322e0ad7e3bfbb900ab51945c8046c41d703e96c8813f96575a191a2e05ac5e1aec55e0d8", 0xaf) [ 204.385848] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size 02:34:03 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:03 executing program 2: unshare(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000001000)={&(0x7f0000000000)=""/4096, 0x208000, 0x800}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000001040), 0x4) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x0, 0x0, 0x0) 02:34:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:03 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:03 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) [ 204.661318] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem 02:34:04 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) [ 204.717290] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size 02:34:04 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000003c0)={0x30}, 0x30) 02:34:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:04 executing program 0: syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:04 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:04 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x400) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0) unshare(0x8000400) 02:34:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) [ 205.211517] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 205.255474] EXT4-fs (loop3): bad geometry: first data block is 0 with a 1k block and cluster size 02:34:04 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = getegid() write$FUSE_CREATE_OPEN(r0, &(0x7f0000000100)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, r2}}}}, 0xa0) io_setup(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) 02:34:04 executing program 0: syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:04 executing program 2: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) clone(0x802182001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4c4, 0x0, 0x0, 0xfffffffffffffbff, 0x0, 0x0, 0x1d5b, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x50f1, 0x5, 0xf8, 0x1, 0x6991, 0x80000000000, 0x0, 0x0, 0x4, 0x0, 0x20, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x7, 0xb7, 0xfffffffffffffff9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000000000000712600000000000035060000ff000000bf25000000000000070500000e0000000f65000000000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d43010000000000950000000000000061540000000000006b25000000000000070500000e0000000f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], 0x0}, 0x48) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) exit(0x5853) fremovexattr(0xffffffffffffffff, &(0x7f00000002c0)=@random={'trusted.', '-vboxnet0cpuset\x00'}) 02:34:04 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:04 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, &(0x7f0000000300)) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='/exe\x00\x00\x00\x00\x00\x00\x0f\x1c\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(r2, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180), &(0x7f0000000200)=0x4) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105518, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000000)={0x0, 0x9}) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}], 0x1, 0x4010) fsetxattr$security_smack_transmute(r0, 0x0, &(0x7f00000002c0)='TRUE', 0x4, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000100)) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20004080) dup2(r1, r4) 02:34:05 executing program 2: ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f00000001c0)='/dev/usbmon#\x00') r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) perf_event_open(&(0x7f0000000800)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f000001cff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40000000000003b, &(0x7f0000000000)=@dstopts, 0x8) connect$inet6(r0, 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x26) sendmmsg(r0, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000140)=0xba, 0x4) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x8, 0x4e}, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x4}}, 0x2e) ioctl$DRM_IOCTL_SET_MASTER(0xffffffffffffffff, 0x641e) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) write$binfmt_misc(r3, &(0x7f0000000440)={'syz1'}, 0x1200e) 02:34:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:05 executing program 0: syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) [ 205.760435] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 02:34:05 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:05 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, 0x0) 02:34:05 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:05 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, 0x0) 02:34:05 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, &(0x7f0000000300)) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='/exe\x00\x00\x00\x00\x00\x00\x0f\x1c\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(r2, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180), &(0x7f0000000200)=0x4) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105518, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000000)={0x0, 0x9}) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}], 0x1, 0x4010) fsetxattr$security_smack_transmute(r0, 0x0, &(0x7f00000002c0)='TRUE', 0x4, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000100)) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20004080) dup2(r1, r4) 02:34:05 executing program 2: ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x100000fffffffe) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f00000001c0)='/dev/usbmon#\x00') r0 = socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000700)=""/118, 0x76, 0x40, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB="000000f1"], 0x0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f000001cff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000000600), 0x0, &(0x7f00000003c0)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000240)=""/39, 0x27}, &(0x7f0000000280)}}, @mask_fadd={0x58, 0x114, 0x8, {{}, &(0x7f00000002c0), &(0x7f0000000300)}}], 0x88}, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40000000000003b, &(0x7f0000000000)=@dstopts, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r0, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000140)=0xba, 0x4) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x8, 0x4e}, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x4, 0x4}}, 0x2e) ioctl$DRM_IOCTL_SET_MASTER(0xffffffffffffffff, 0x641e) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) write$binfmt_misc(r3, &(0x7f0000000440)={'syz1'}, 0x1200e) 02:34:05 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:05 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, 0x0) 02:34:05 executing program 5: ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:05 executing program 5: r0 = syz_open_dev$midi(0x0, 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:05 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:06 executing program 4: ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x100000fffffffe) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f00000001c0)='/dev/usbmon#\x00') r0 = socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000700)=""/118, 0x76, 0x40, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB="000000f1"], 0x0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f000001cff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000000600), 0x0, &(0x7f00000003c0)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000240)=""/39, 0x27}, &(0x7f0000000280)}}, @mask_fadd={0x58, 0x114, 0x8, {{}, &(0x7f00000002c0), &(0x7f0000000300)}}], 0x88}, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40000000000003b, &(0x7f0000000000)=@dstopts, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r0, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000140)=0xba, 0x4) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x8, 0x4e}, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x4, 0x4}}, 0x2e) ioctl$DRM_IOCTL_SET_MASTER(0xffffffffffffffff, 0x641e) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) write$binfmt_misc(r3, &(0x7f0000000440)={'syz1'}, 0x1200e) 02:34:06 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:06 executing program 2: ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x100000fffffffe) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f00000001c0)='/dev/usbmon#\x00') r0 = socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000700)=""/118, 0x76, 0x40, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB="000000f1"], 0x0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f000001cff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000000600), 0x0, &(0x7f00000003c0)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000240)=""/39, 0x27}, &(0x7f0000000280)}}, @mask_fadd={0x58, 0x114, 0x8, {{}, &(0x7f00000002c0), &(0x7f0000000300)}}], 0x88}, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40000000000003b, &(0x7f0000000000)=@dstopts, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r0, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000140)=0xba, 0x4) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x8, 0x4e}, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x4, 0x4}}, 0x2e) ioctl$DRM_IOCTL_SET_MASTER(0xffffffffffffffff, 0x641e) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) write$binfmt_misc(r3, &(0x7f0000000440)={'syz1'}, 0x1200e) 02:34:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:06 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:06 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, &(0x7f0000000300)) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='/exe\x00\x00\x00\x00\x00\x00\x0f\x1c\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(r2, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180), &(0x7f0000000200)=0x4) ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0xc1105518, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000000)={0x0, 0x9}) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}], 0x1, 0x4010) fsetxattr$security_smack_transmute(r0, 0x0, &(0x7f00000002c0)='TRUE', 0x4, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000100)) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20004080) dup2(r1, r4) 02:34:06 executing program 5: syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0385720, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="000100000200000066000000c9030000ec00002f000000000000000000000000002000000020000000010000000000006e5fbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 02:34:06 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, 0x0) 02:34:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:06 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x1, 0x7) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, 0x0, &(0x7f0000000000)) 02:34:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 02:34:06 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x638, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0385720, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, [0xfffffffe]}) 02:34:06 executing program 2: semget(0x3, 0x0, 0x40) 02:34:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) [ 207.240793] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 02:34:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4010ae68, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 02:34:06 executing program 0: 02:34:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 02:34:06 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x0, 0x0) clone(0x802182001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4c4, 0xd3, 0x0, 0x0, 0x0, 0x0, 0x1d5b, 0x0, 0x0, 0x5, 0x3, 0x0, 0x7, 0x101, 0x0, 0x50f1, 0x5, 0xf8, 0x1, 0x6991, 0x80000000000, 0x0, 0x0, 0x4, 0x0, 0x20, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0xec, 0x7, 0xb7, 0xfffffffffffffff9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000000000000712600000000000035060000ff000000bf25000000000000070500000e0000000f65000000000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d43010000000000950000000000000061540000000000006b25000000000000070500000e0000000f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], 0x0}, 0x48) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x6, 0x2000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) exit(0x5853) 02:34:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:06 executing program 2: 02:34:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4010ae68, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 207.590903] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 02:34:07 executing program 4: 02:34:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:07 executing program 0: 02:34:07 executing program 2: 02:34:07 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 02:34:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4010ae68, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 02:34:07 executing program 0: ioctl$KVM_ASSIGN_SET_INTX_MASK(0xffffffffffffffff, 0x4040aea4, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'tunl0\x00B\xb5\xab*\x00\x00\x00\xee\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 207.959733] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 02:34:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x3, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:07 executing program 2: 02:34:07 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 208.171453] ================================================================== [ 208.179020] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 208.179038] Write of size 832 at addr ffff8881cda7cbc0 by task syz-executor0/7967 [ 208.179042] [ 208.179057] CPU: 1 PID: 7967 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 208.179072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.179078] Call Trace: [ 208.212821] dump_stack+0x244/0x39d [ 208.212842] ? dump_stack_print_info.cold.1+0x20/0x20 [ 208.212855] ? printk+0xa7/0xcf [ 208.212872] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 208.212900] print_address_description.cold.4+0x9/0x1ff [ 208.237675] ? fpstate_init+0x50/0x160 [ 208.237693] kasan_report.cold.5+0x1b/0x39 [ 208.237708] ? fpstate_init+0x50/0x160 [ 208.237727] ? fpstate_init+0x50/0x160 [ 208.237750] check_memory_region+0x13e/0x1b0 [ 208.258041] memset+0x23/0x40 [ 208.261194] fpstate_init+0x50/0x160 [ 208.264925] kvm_arch_vcpu_init+0x3e9/0x870 02:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) 02:34:07 executing program 2: 02:34:07 executing program 4: [ 208.269263] kvm_vcpu_init+0x2fa/0x420 [ 208.269281] ? vcpu_stat_get+0x300/0x300 [ 208.269302] ? kmem_cache_alloc+0x33f/0x730 [ 208.277238] vmx_create_vcpu+0x1b7/0x2695 [ 208.277256] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 208.277271] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.277293] ? preempt_schedule+0x4d/0x60 [ 208.299581] ? preempt_schedule_common+0x1f/0xe0 [ 208.304358] ? vmx_exec_control+0x210/0x210 [ 208.308701] ? ___preempt_schedule+0x16/0x18 [ 208.313124] ? kasan_check_write+0x14/0x20 [ 208.317364] ? __mutex_unlock_slowpath+0x197/0x8c0 02:34:07 executing program 2: [ 208.322325] ? wait_for_completion+0x8a0/0x8a0 [ 208.326923] ? print_usage_bug+0xc0/0xc0 [ 208.331010] ? migrate_swap_stop+0x8a0/0x8a0 [ 208.335432] kvm_arch_vcpu_create+0xe5/0x220 [ 208.339853] ? kvm_arch_vcpu_free+0x90/0x90 [ 208.344242] kvm_vm_ioctl+0x526/0x2030 [ 208.348151] ? kvm_unregister_device_ops+0x70/0x70 [ 208.353110] ? mark_held_locks+0x130/0x130 [ 208.357361] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 208.362576] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 208.367691] ? futex_wake+0x304/0x760 02:34:07 executing program 4: [ 208.371529] ? __lock_acquire+0x62f/0x4c20 [ 208.375812] ? mark_held_locks+0x130/0x130 [ 208.380096] ? graph_lock+0x270/0x270 [ 208.383920] ? do_futex+0x249/0x26d0 [ 208.387649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.387671] ? find_held_lock+0x36/0x1c0 [ 208.387697] ? __fget+0x4aa/0x740 [ 208.387717] ? lock_downgrade+0x900/0x900 [ 208.404891] ? check_preemption_disabled+0x48/0x280 [ 208.409952] ? kasan_check_read+0x11/0x20 [ 208.414116] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 02:34:07 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='veth0\x00', 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202ed885e8c36f308b02d2827fe7c1783289f501d436b9e0ef676f96094bfa6cff4e4e6e2a0dab3a66b65fd67cf3008cc2f3"], 0x34) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'GPL!wlan1-systemproc}keyring({,trusted'}]}, 0x32) [ 208.419418] ? rcu_read_unlock_special+0x370/0x370 [ 208.424372] ? __fget+0x4d1/0x740 [ 208.427849] ? ksys_dup3+0x680/0x680 [ 208.431605] ? __might_fault+0x12b/0x1e0 [ 208.435680] ? lock_downgrade+0x900/0x900 [ 208.439844] ? lock_release+0xa00/0xa00 [ 208.443834] ? perf_trace_sched_process_exec+0x860/0x860 [ 208.449298] ? kvm_unregister_device_ops+0x70/0x70 [ 208.454243] do_vfs_ioctl+0x1de/0x1790 [ 208.458150] ? ioctl_preallocate+0x300/0x300 [ 208.462584] ? __fget_light+0x2e9/0x430 [ 208.466588] ? fget_raw+0x20/0x20 02:34:07 executing program 2: [ 208.470072] ? _copy_to_user+0xc8/0x110 [ 208.474068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.479627] ? put_timespec64+0x10f/0x1b0 [ 208.483792] ? nsecs_to_jiffies+0x30/0x30 [ 208.487953] ? do_syscall_64+0x9a/0x820 [ 208.491944] ? do_syscall_64+0x9a/0x820 [ 208.495930] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.500525] ? security_file_ioctl+0x94/0xc0 [ 208.504989] ksys_ioctl+0xa9/0xd0 [ 208.508463] __x64_sys_ioctl+0x73/0xb0 [ 208.512381] do_syscall_64+0x1b9/0x820 [ 208.516290] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 208.521673] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.526648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.531509] ? trace_hardirqs_on_caller+0x310/0x310 [ 208.536571] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.536595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.536619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.536636] RIP: 0033:0x457669 [ 208.554871] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.573794] RSP: 002b:00007f7368986c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.581517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 208.588805] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 208.596096] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 208.603372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73689876d4 [ 208.610675] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 208.617969] [ 208.619604] Allocated by task 7967: [ 208.623242] save_stack+0x43/0xd0 [ 208.626706] kasan_kmalloc+0xcb/0xd0 [ 208.630428] kasan_slab_alloc+0x12/0x20 [ 208.634434] kmem_cache_alloc+0x130/0x730 [ 208.638608] vmx_create_vcpu+0x110/0x2695 [ 208.642764] kvm_arch_vcpu_create+0xe5/0x220 [ 208.642782] kvm_vm_ioctl+0x526/0x2030 [ 208.651077] do_vfs_ioctl+0x1de/0x1790 [ 208.654978] ksys_ioctl+0xa9/0xd0 [ 208.658447] __x64_sys_ioctl+0x73/0xb0 [ 208.662348] do_syscall_64+0x1b9/0x820 [ 208.666247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.671435] [ 208.673078] Freed by task 0: [ 208.676101] (stack is not available) [ 208.679818] [ 208.681455] The buggy address belongs to the object at ffff8881cda7cb80 [ 208.681455] which belongs to the cache x86_fpu of size 832 [ 208.683021] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 208.693773] The buggy address is located 64 bytes inside of [ 208.693773] 832-byte region [ffff8881cda7cb80, ffff8881cda7cec0) [ 208.693779] The buggy address belongs to the page: [ 208.693793] page:ffffea0007369f00 count:1 mapcount:0 mapping:ffff8881d7b0a500 index:0x0 [ 208.693806] flags: 0x2fffc0000000200(slab) [ 208.693827] raw: 02fffc0000000200 ffff8881d5142948 ffff8881d5142948 ffff8881d7b0a500 [ 208.693847] raw: 0000000000000000 ffff8881cda7c040 0000000100000004 0000000000000000 [ 208.744451] page dumped because: kasan: bad access detected [ 208.750144] [ 208.751756] Memory state around the buggy address: [ 208.756679] ffff8881cda7cd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 208.764037] ffff8881cda7ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02:34:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4010ae68, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) [ 208.771381] >ffff8881cda7ce80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 208.778718] ^ [ 208.784152] ffff8881cda7cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.791494] ffff8881cda7cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.798838] ================================================================== [ 208.806173] Disabling lock debugging due to kernel taint [ 208.814696] Kernel panic - not syncing: panic_on_warn set ... [ 208.820612] CPU: 1 PID: 7967 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 208.830495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.839833] Call Trace: [ 208.842405] dump_stack+0x244/0x39d [ 208.846025] ? dump_stack_print_info.cold.1+0x20/0x20 [ 208.851205] ? fpstate_init+0x30/0x160 [ 208.855093] panic+0x2ad/0x632 [ 208.858277] ? add_taint.cold.5+0x16/0x16 [ 208.862414] ? preempt_schedule+0x4d/0x60 [ 208.866556] ? ___preempt_schedule+0x16/0x18 [ 208.870955] ? trace_hardirqs_on+0xb4/0x310 [ 208.875276] ? fpstate_init+0x50/0x160 [ 208.879150] end_report+0x47/0x4f [ 208.882594] kasan_report.cold.5+0xe/0x39 [ 208.886725] ? fpstate_init+0x50/0x160 [ 208.890688] ? fpstate_init+0x50/0x160 [ 208.894576] check_memory_region+0x13e/0x1b0 [ 208.898969] memset+0x23/0x40 [ 208.902084] fpstate_init+0x50/0x160 [ 208.905784] kvm_arch_vcpu_init+0x3e9/0x870 [ 208.910096] kvm_vcpu_init+0x2fa/0x420 [ 208.913979] ? vcpu_stat_get+0x300/0x300 [ 208.918032] ? kmem_cache_alloc+0x33f/0x730 [ 208.922353] vmx_create_vcpu+0x1b7/0x2695 [ 208.926500] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 208.929812] kobject: 'kvm' (00000000d0c3af73): kobject_uevent_env [ 208.931621] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.938511] kobject: 'kvm' (00000000d0c3af73): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.942442] ? preempt_schedule+0x4d/0x60 [ 208.942461] ? preempt_schedule_common+0x1f/0xe0 [ 208.942479] ? vmx_exec_control+0x210/0x210 [ 208.957926] kobject: 'kvm' (00000000d0c3af73): kobject_uevent_env [ 208.960892] ? ___preempt_schedule+0x16/0x18 [ 208.960908] ? kasan_check_write+0x14/0x20 [ 208.960925] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 208.968067] kobject: 'kvm' (00000000d0c3af73): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.971457] ? wait_for_completion+0x8a0/0x8a0 [ 208.971476] ? print_usage_bug+0xc0/0xc0 [ 208.971496] ? migrate_swap_stop+0x8a0/0x8a0 [ 209.007040] kvm_arch_vcpu_create+0xe5/0x220 [ 209.011436] ? kvm_arch_vcpu_free+0x90/0x90 [ 209.015747] kvm_vm_ioctl+0x526/0x2030 [ 209.019623] ? kvm_unregister_device_ops+0x70/0x70 [ 209.024564] ? mark_held_locks+0x130/0x130 [ 209.028807] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 209.033999] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 209.039086] ? futex_wake+0x304/0x760 [ 209.042902] ? __lock_acquire+0x62f/0x4c20 [ 209.047143] ? mark_held_locks+0x130/0x130 [ 209.051373] ? graph_lock+0x270/0x270 [ 209.055158] ? do_futex+0x249/0x26d0 [ 209.058860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.064407] ? find_held_lock+0x36/0x1c0 [ 209.068455] ? __fget+0x4aa/0x740 [ 209.071895] ? lock_downgrade+0x900/0x900 [ 209.076033] ? check_preemption_disabled+0x48/0x280 [ 209.081045] ? kasan_check_read+0x11/0x20 [ 209.085182] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 209.090444] ? rcu_read_unlock_special+0x370/0x370 [ 209.095361] ? __fget+0x4d1/0x740 [ 209.098798] ? ksys_dup3+0x680/0x680 [ 209.102496] ? __might_fault+0x12b/0x1e0 [ 209.106550] ? lock_downgrade+0x900/0x900 [ 209.110706] ? lock_release+0xa00/0xa00 [ 209.114669] ? perf_trace_sched_process_exec+0x860/0x860 [ 209.120113] ? kvm_unregister_device_ops+0x70/0x70 [ 209.125049] do_vfs_ioctl+0x1de/0x1790 [ 209.128943] ? ioctl_preallocate+0x300/0x300 [ 209.133341] ? __fget_light+0x2e9/0x430 [ 209.137301] ? fget_raw+0x20/0x20 [ 209.140739] ? _copy_to_user+0xc8/0x110 [ 209.144698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.150321] ? put_timespec64+0x10f/0x1b0 [ 209.154456] ? nsecs_to_jiffies+0x30/0x30 [ 209.158599] ? do_syscall_64+0x9a/0x820 [ 209.162606] ? do_syscall_64+0x9a/0x820 [ 209.166572] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 209.171158] ? security_file_ioctl+0x94/0xc0 [ 209.175572] ksys_ioctl+0xa9/0xd0 [ 209.179033] __x64_sys_ioctl+0x73/0xb0 [ 209.182919] do_syscall_64+0x1b9/0x820 [ 209.186792] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 209.192138] ? syscall_return_slowpath+0x5e0/0x5e0 [ 209.197051] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.201882] ? trace_hardirqs_on_caller+0x310/0x310 [ 209.206885] ? prepare_exit_to_usermode+0x291/0x3b0 [ 209.211888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.216716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.221905] RIP: 0033:0x457669 [ 209.225085] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.243969] RSP: 002b:00007f7368986c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.251658] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 209.258919] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 209.266172] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.273424] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73689876d4 [ 209.280680] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 209.288833] Kernel Offset: disabled [ 209.292454] Rebooting in 86400 seconds..