[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.230741] kauditd_printk_skb: 8 callbacks suppressed [ 29.230753] audit: type=1800 audit(1542695411.233:29): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.264077] audit: type=1800 audit(1542695411.233:30): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2018/11/20 06:30:20 fuzzer started 2018/11/20 06:30:23 dialing manager at 10.128.0.26:46767 2018/11/20 06:30:23 syscalls: 1 2018/11/20 06:30:23 code coverage: enabled 2018/11/20 06:30:23 comparison tracing: enabled 2018/11/20 06:30:23 setuid sandbox: enabled 2018/11/20 06:30:23 namespace sandbox: enabled 2018/11/20 06:30:23 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/20 06:30:23 fault injection: enabled 2018/11/20 06:30:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/20 06:30:23 net packet injection: enabled 2018/11/20 06:30:23 net device setup: enabled 06:33:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f0000000100), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000100000001000000a7f8b04bdc113a10"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) syzkaller login: [ 221.518996] IPVS: ftp: loaded support on port[0] = 21 06:33:23 executing program 1: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6003, 0xffffffffffffffff) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000001380)=0x5d, 0x4) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000340)={0x38, 0xfffffffffffffffe, 0x6, 0x0, 0x6}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) write$P9_RWALK(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="3d0000006f02000400ad041700000300000000000000100000000008000000000000002000000000020000000000000040000000000600000000"], 0x3a) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) pwrite64(r0, &(0x7f0000000400)="fe94fbb5083fdb2f93669b0371e3396da677b85ac5b1e6db6ef6a0a8c1a70328a76f", 0x22, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000440)=0x7) request_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)='/dev/ptmx\x00', 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f00000013c0)=""/45) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) pwrite64(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000380)=""/11) r1 = open(&(0x7f0000000140)='./file1\x00', 0x0, 0x4) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000180)}) [ 221.809380] IPVS: ftp: loaded support on port[0] = 21 06:33:24 executing program 2: syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x205, 0x107000) [ 222.143411] IPVS: ftp: loaded support on port[0] = 21 06:33:24 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8000000008b0f, &(0x7f0000000000)={'veth0_to_team\x00', @ifru_addrs=@ethernet={0x1, @link_local}}) [ 222.603004] IPVS: ftp: loaded support on port[0] = 21 [ 222.856526] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.863630] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.871351] device bridge_slave_0 entered promiscuous mode 06:33:25 executing program 4: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) [ 223.010332] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.019888] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.034951] device bridge_slave_1 entered promiscuous mode [ 223.175079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.275610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.300693] IPVS: ftp: loaded support on port[0] = 21 [ 223.675506] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 223.692075] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.703801] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.717537] device bridge_slave_0 entered promiscuous mode 06:33:25 executing program 5: symlink(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') setresuid(0x0, 0xee00, 0x0) rmdir(&(0x7f0000000040)='./file0\x00') [ 223.785056] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 223.804514] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.836355] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.843781] device bridge_slave_1 entered promiscuous mode [ 223.990301] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.080037] IPVS: ftp: loaded support on port[0] = 21 [ 224.157612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.316667] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.325075] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.367244] device bridge_slave_0 entered promiscuous mode [ 224.431477] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.446932] team0: Port device team_slave_0 added [ 224.495727] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.503264] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.516539] device bridge_slave_1 entered promiscuous mode [ 224.562478] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.582377] team0: Port device team_slave_1 added [ 224.606814] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.647421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.722468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.739816] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.749772] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.758034] device bridge_slave_0 entered promiscuous mode [ 224.771330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.785563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.800726] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.818105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.824976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.846985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.858164] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.867188] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.880203] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.898697] device bridge_slave_1 entered promiscuous mode [ 224.958061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.968263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.986569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.014651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.023466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.040306] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 225.096630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.126856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.134889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.182107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.197188] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.293502] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.485027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.499570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.612324] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.652868] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.665997] team0: Port device team_slave_0 added [ 225.782230] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.800815] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.810762] team0: Port device team_slave_1 added [ 225.841241] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.857359] team0: Port device team_slave_0 added [ 225.912755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.928212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.946671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.983040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.996243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 226.025225] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.033471] team0: Port device team_slave_1 added [ 226.050765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.100022] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.116213] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.131922] device bridge_slave_0 entered promiscuous mode [ 226.161728] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.174698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.187179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.214254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.282540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.310786] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.322421] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.334401] device bridge_slave_1 entered promiscuous mode [ 226.358947] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.391344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.401251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.419908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.432639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.453913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.512857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.527332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.538053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.567500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.634241] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.650489] team0: Port device team_slave_0 added [ 226.655646] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.666234] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.686252] device bridge_slave_0 entered promiscuous mode [ 226.696330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 226.730453] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.737029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.744142] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.750606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.810676] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.850136] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.866890] team0: Port device team_slave_1 added [ 226.872450] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.893648] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.915878] device bridge_slave_1 entered promiscuous mode [ 226.996772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 227.004046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.016914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.044839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 227.144098] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 227.155135] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.178821] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 227.194644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.202895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.217649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.316428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 227.323502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.335173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.355774] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 227.406639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 227.556524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 227.563544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.640541] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.684384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.691447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 227.790248] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 227.825721] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.832221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.838955] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.845320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.868479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.956821] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.963193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.969934] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.976351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.991101] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.999529] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 228.032102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.134495] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.142265] team0: Port device team_slave_0 added [ 228.272120] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.282771] team0: Port device team_slave_1 added [ 228.437525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.447512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.469171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 228.479044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.489750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.514124] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.521742] team0: Port device team_slave_0 added [ 228.633828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 228.640986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.651199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.674980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.691898] team0: Port device team_slave_1 added [ 228.713324] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.719742] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.726455] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.732819] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.770050] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 228.779024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 228.797353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.805296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.888675] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 228.895517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.914707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.938284] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.957413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.979731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.056904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 229.063793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.087274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.247597] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 229.254748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.267312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.403228] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 229.416548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.424660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.453476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.194501] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.200985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.207754] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.214166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.239872] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.481547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.739412] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.745803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.752477] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.758865] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.769818] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.506549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.172185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.625630] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.127146] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.133340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.147160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.216605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.366050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.627200] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.647216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.754335] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.994009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.077350] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.083536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.096814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.289635] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.296389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.307519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.440827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 234.570951] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.864612] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.953239] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.967986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.980350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.415018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.437229] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.907624] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 235.919147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.391827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 236.408446] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 236.421870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.432737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 06:33:38 executing program 0: socketpair$packet(0x11, 0x0, 0x300, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) [ 236.839330] hrtimer: interrupt took 66894 ns 06:33:39 executing program 0: socketpair$packet(0x11, 0x0, 0x300, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) [ 236.971868] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.035369] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.046237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.053401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 06:33:39 executing program 0: socketpair$packet(0x11, 0x0, 0x300, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) 06:33:39 executing program 0: socketpair$packet(0x11, 0x0, 0x300, &(0x7f00000000c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) [ 237.624995] 8021q: adding VLAN 0 to HW filter on device team0 06:33:40 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000380)={0x2, 0x0, [0x4b564d01, 0xfff, 0xc0010004]}) [ 238.075607] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 06:33:40 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x80, 0x0) r1 = memfd_create(&(0x7f0000000180)="060000005e00acd8fdccee71e5f5cb803160e43885a4f5d01b5c040cf8465cb4ba8def1264eea53f006b5a8b1968d77c14690d185539c1d710f04712a8ba61b2947c256e1e2b9fbbb8ac818d9371d4d47aaa5a0faac79723e567206cd53515bffcf583b73200591592b1b661f4e975b2e7ec697908dbc7f187c90791044ac80eff7c4a274e787200bcab359b853e99ca7a32ab4b49dce49fa5d00e776de7cc4bc98b8b4589030000007d405279a6395edc9da004df2007656c4f37f1dacca278c29af51846a0804df92c2bc9f72f6e749b61141b18dd1858d26f15974ce6b5bac7f2570a7f145a494c3a541b64198d459cb1b94a4b1d6f85e9a2ca9c6408c8bd69515f4cb0b920f72f46fc274d232c844dbaa9a27972273f660962da69fd8c9a6f6a8403698a7cf7543b3d70a29866c7ef753d96cb1191cecebe76aabbcafaa3ded51fd7033a3132f2fd0d4e843d41ae9b3381a97eb780d1e2f6f2b8c98aab43e2ecb82c6ae1bb1b1f40", 0x3) write$binfmt_misc(r1, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r0, r1, &(0x7f0000000380), 0xfffb) fcntl$addseals(r1, 0x409, 0x8) write$evdev(r1, &(0x7f0000000400), 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {}, [], {}, [], {0x8}}, 0x24, 0x0) [ 238.252104] kvm [7520]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010004 data 0x0 06:33:40 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000100)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000003280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x38) 06:33:40 executing program 1: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6003, 0xffffffffffffffff) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000001380)=0x5d, 0x4) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000340)={0x38, 0xfffffffffffffffe, 0x6, 0x0, 0x6}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) write$P9_RWALK(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="3d0000006f02000400ad041700000300000000000000100000000008000000000000002000000000020000000000000040000000000600000000"], 0x3a) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) pwrite64(r0, &(0x7f0000000400)="fe94fbb5083fdb2f93669b0371e3396da677b85ac5b1e6db6ef6a0a8c1a70328a76f", 0x22, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000440)=0x7) request_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)='/dev/ptmx\x00', 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f00000013c0)=""/45) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) pwrite64(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000380)=""/11) r1 = open(&(0x7f0000000140)='./file1\x00', 0x0, 0x4) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000180)}) 06:33:40 executing program 0: set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44000) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getegid() getgroups(0x0, &(0x7f0000000280)) fallocate(r0, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000200000, 0xff01000000000000, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040), &(0x7f0000000180)=0x8) 06:33:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000027000)='./file0\x00', 0x0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) mount(&(0x7f0000000500)=ANY=[@ANYBLOB="5b643a1a5d3a2f"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)='\x00') writev(0xffffffffffffffff, &(0x7f00000005c0), 0x0) getpgrp(0x0) fstat(0xffffffffffffffff, &(0x7f0000000640)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000800)={{{@in6=@dev, @in6=@mcast2}}, {{@in=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000980)=0x71) [ 238.922022] libceph: parse_ips bad ip '[d:]' [ 238.966655] libceph: parse_ips bad ip '[d:]' [ 239.091658] syz-executor0 (7587) used greatest stack depth: 13760 bytes left [ 239.469789] audit: type=1804 audit(1542695621.473:31): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir262003650/syzkaller.sU9W35/0/cpuset.effective_mems" dev="sda1" ino=16524 res=1 06:33:42 executing program 4: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 06:33:42 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup2(r0, r1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000200)=""/225) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000040)={0x0, 0x3, 0x100000000}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000028c0), 0x0) accept$alg(r4, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xffffff29) 06:33:42 executing program 2: perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x200, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{&(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, &(0x7f0000007d80)) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_cache\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x7fffef8d) ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000000)) 06:33:42 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x10, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000), 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x400, 0x9, 0x8e0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000001380)={[{0x0, 'memory'}, {0x0, 'cpu'}]}, 0xd) pipe(&(0x7f0000000480)) syz_genetlink_get_family_id$team(&(0x7f0000000500)='team\x00') accept4$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000600)=0x14, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000680)={0x0, @remote, @dev}, &(0x7f00000006c0)=0xc) epoll_create1(0x0) syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x50, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000013c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 06:33:42 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000640)=@polexpire={0xcc, 0x1b, 0xa01, 0x0, 0x0, {{{@in=@rand_addr, @in6}}}, [@sec_ctx={0xc, 0x8, {0x8}}]}, 0xcc}}, 0x0) [ 240.630474] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 240.637522] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:33:42 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 06:33:42 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x20601, 0x0) perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet(0x2, 0x0, 0x8) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000340)) fcntl$addseals(0xffffffffffffffff, 0x8, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000540)=ANY=[], 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000140), 0xba) [ 241.046702] Unrecognized hibernate image header format! [ 241.052694] PM: Image mismatch: architecture specific data 06:33:43 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x5, 0x30000) ioctl$BLKROSET(r0, 0x125d, &(0x7f00000002c0)=0x80) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0xf30e020000000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x6102bc20ebf407b4) getsockopt$packet_int(r2, 0x107, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='pagemap\x00') connect$llc(0xffffffffffffffff, &(0x7f0000000140)={0x1a, 0x30f, 0x400, 0x80, 0x0, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) 06:33:43 executing program 1: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6003, 0xffffffffffffffff) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000001380)=0x5d, 0x4) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000340)={0x38, 0xfffffffffffffffe, 0x6, 0x0, 0x6}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) write$P9_RWALK(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="3d0000006f02000400ad041700000300000000000000100000000008000000000000002000000000020000000000000040000000000600000000"], 0x3a) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) pwrite64(r0, &(0x7f0000000400)="fe94fbb5083fdb2f93669b0371e3396da677b85ac5b1e6db6ef6a0a8c1a70328a76f", 0x22, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000440)=0x7) request_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)='/dev/ptmx\x00', 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f00000013c0)=""/45) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) pwrite64(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000380)=""/11) r1 = open(&(0x7f0000000140)='./file1\x00', 0x0, 0x4) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000180)}) [ 241.473383] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:33:43 executing program 1: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6003, 0xffffffffffffffff) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000001380)=0x5d, 0x4) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000340)={0x38, 0xfffffffffffffffe, 0x6, 0x0, 0x6}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) write$P9_RWALK(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="3d0000006f02000400ad041700000300000000000000100000000008000000000000002000000000020000000000000040000000000600000000"], 0x3a) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) pwrite64(r0, &(0x7f0000000400)="fe94fbb5083fdb2f93669b0371e3396da677b85ac5b1e6db6ef6a0a8c1a70328a76f", 0x22, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000440)=0x7) request_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)='/dev/ptmx\x00', 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f00000013c0)=""/45) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) pwrite64(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000380)=""/11) r1 = open(&(0x7f0000000140)='./file1\x00', 0x0, 0x4) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000180)}) 06:33:43 executing program 4: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 06:33:43 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 06:33:44 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x5, 0x30000) ioctl$BLKROSET(r0, 0x125d, &(0x7f00000002c0)=0x80) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0xf30e020000000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x6102bc20ebf407b4) getsockopt$packet_int(r2, 0x107, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='pagemap\x00') connect$llc(0xffffffffffffffff, &(0x7f0000000140)={0x1a, 0x30f, 0x400, 0x80, 0x0, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) 06:33:44 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup2(r0, r1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000200)=""/225) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000040)={0x0, 0x3, 0x100000000}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000028c0), 0x0) accept$alg(r4, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xffffff29) 06:33:44 executing program 4: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) [ 242.587783] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 242.913980] audit: type=1804 audit(1542695624.913:32): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir262003650/syzkaller.sU9W35/2/cpuset.effective_mems" dev="sda1" ino=16554 res=1 [ 244.056264] audit: type=1804 audit(1542695626.053:33): pid=6059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir262003650/syzkaller.sU9W35/3/cpuset.effective_mems" dev="sda1" ino=16547 res=1 06:33:46 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000040)={0x1f, 0x0, &(0x7f0000000100)}) 06:33:46 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x5, 0x30000) ioctl$BLKROSET(r0, 0x125d, &(0x7f00000002c0)=0x80) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0xf30e020000000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x6102bc20ebf407b4) getsockopt$packet_int(r2, 0x107, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='pagemap\x00') connect$llc(0xffffffffffffffff, &(0x7f0000000140)={0x1a, 0x30f, 0x400, 0x80, 0x0, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) 06:33:46 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x44, 0x4, 0xa94e, 0x0, 0xffffffffffffffff, 0x1d01}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x1f) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000003c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00', 0x0, 0x7}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 06:33:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x840000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2711, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x23e) 06:33:46 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup2(r0, r1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000200)=""/225) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000040)={0x0, 0x3, 0x100000000}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000028c0), 0x0) accept$alg(r4, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xffffff29) 06:33:46 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) [ 244.405232] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:33:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0xd101}}, 0xf0}}, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000100)) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000004c0)={0x100, {{0xa, 0x4e23, 0x1, @mcast2, 0x5}}, 0x0, 0x3, [{{0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, [], 0xf}, 0x1ff}}, {{0xa, 0x4e24, 0x6, @mcast1}}, {{0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x1b}, 0x66e6}}]}, 0x210) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)=0x1c) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000127bd7000fcdbdf250c00000058000300080007004e220000080004000300000008000300020000001400020073797a6b616c6c65723000000000000014000600fe8000000000000000000000000000aa14000200626373683000000000000000000000000800050000000000"], 0x1}, 0x1, 0x0, 0x0, 0x810}, 0x240000c0) kexec_load(0x9, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="23a373c7c7fb9a2d6707653c32fa6a", 0xf, 0x1ff, 0x1ff}], 0x280002) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000002c0)="e348d382d2810a43d0f66958b49c0e4490a44eb11ada4544425c09bfa4fb9a688dead3ab16ced5c1dd25feb48ced023a383c527d31f31669d609e42d56e97d30da04d6c7fc184b676b4b84d23845dbc4b01396b3be0fe133eef6fcae649800b24c6e4c39bb11541fdb7f1431f745c9fd78aa29c359f93ca6be1f510d45075482c026a39bf0c2712b909cb9f288cf9ecac93487368ddc509fd94b05ae451fe19c3cc5afbfa23cd97d0b50f0f248b5", 0xae) socket$nl_xfrm(0x10, 0x3, 0x6) 06:33:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0xd101}}, 0xf0}}, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000100)) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000004c0)={0x100, {{0xa, 0x4e23, 0x1, @mcast2, 0x5}}, 0x0, 0x3, [{{0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, [], 0xf}, 0x1ff}}, {{0xa, 0x4e24, 0x6, @mcast1}}, {{0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x1b}, 0x66e6}}]}, 0x210) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)=0x1c) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000127bd7000fcdbdf250c00000058000300080007004e220000080004000300000008000300020000001400020073797a6b616c6c65723000000000000014000600fe8000000000000000000000000000aa14000200626373683000000000000000000000000800050000000000"], 0x1}, 0x1, 0x0, 0x0, 0x810}, 0x240000c0) kexec_load(0x9, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="23a373c7c7fb9a2d6707653c32fa6a", 0xf, 0x1ff, 0x1ff}], 0x280002) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000002c0)="e348d382d2810a43d0f66958b49c0e4490a44eb11ada4544425c09bfa4fb9a688dead3ab16ced5c1dd25feb48ced023a383c527d31f31669d609e42d56e97d30da04d6c7fc184b676b4b84d23845dbc4b01396b3be0fe133eef6fcae649800b24c6e4c39bb11541fdb7f1431f745c9fd78aa29c359f93ca6be1f510d45075482c026a39bf0c2712b909cb9f288cf9ecac93487368ddc509fd94b05ae451fe19c3cc5afbfa23cd97d0b50f0f248b5", 0xae) socket$nl_xfrm(0x10, 0x3, 0x6) 06:33:46 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket(0x40000000015, 0x5, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000e40), 0xffc, 0x0, &(0x7f00000004c0)={0x2, 0x0, @loopback}, 0x10) 06:33:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8993, &(0x7f0000000040)={'bond0\x00', &(0x7f0000000140)=@ethtool_gstrings}) 06:33:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0xd101}}, 0xf0}}, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000100)) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000004c0)={0x100, {{0xa, 0x4e23, 0x1, @mcast2, 0x5}}, 0x0, 0x3, [{{0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, [], 0xf}, 0x1ff}}, {{0xa, 0x4e24, 0x6, @mcast1}}, {{0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x1b}, 0x66e6}}]}, 0x210) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)=0x1c) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000127bd7000fcdbdf250c00000058000300080007004e220000080004000300000008000300020000001400020073797a6b616c6c65723000000000000014000600fe8000000000000000000000000000aa14000200626373683000000000000000000000000800050000000000"], 0x1}, 0x1, 0x0, 0x0, 0x810}, 0x240000c0) kexec_load(0x9, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="23a373c7c7fb9a2d6707653c32fa6a", 0xf, 0x1ff, 0x1ff}], 0x280002) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000002c0)="e348d382d2810a43d0f66958b49c0e4490a44eb11ada4544425c09bfa4fb9a688dead3ab16ced5c1dd25feb48ced023a383c527d31f31669d609e42d56e97d30da04d6c7fc184b676b4b84d23845dbc4b01396b3be0fe133eef6fcae649800b24c6e4c39bb11541fdb7f1431f745c9fd78aa29c359f93ca6be1f510d45075482c026a39bf0c2712b909cb9f288cf9ecac93487368ddc509fd94b05ae451fe19c3cc5afbfa23cd97d0b50f0f248b5", 0xae) socket$nl_xfrm(0x10, 0x3, 0x6) 06:33:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0xd101}}, 0xf0}}, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000100)) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000004c0)={0x100, {{0xa, 0x4e23, 0x1, @mcast2, 0x5}}, 0x0, 0x3, [{{0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, [], 0xf}, 0x1ff}}, {{0xa, 0x4e24, 0x6, @mcast1}}, {{0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, [], 0x1b}, 0x66e6}}]}, 0x210) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)=0x1c) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000980)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000127bd7000fcdbdf250c00000058000300080007004e220000080004000300000008000300020000001400020073797a6b616c6c65723000000000000014000600fe8000000000000000000000000000aa14000200626373683000000000000000000000000800050000000000"], 0x1}, 0x1, 0x0, 0x0, 0x810}, 0x240000c0) kexec_load(0x9, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="23a373c7c7fb9a2d6707653c32fa6a", 0xf, 0x1ff, 0x1ff}], 0x280002) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000002c0)="e348d382d2810a43d0f66958b49c0e4490a44eb11ada4544425c09bfa4fb9a688dead3ab16ced5c1dd25feb48ced023a383c527d31f31669d609e42d56e97d30da04d6c7fc184b676b4b84d23845dbc4b01396b3be0fe133eef6fcae649800b24c6e4c39bb11541fdb7f1431f745c9fd78aa29c359f93ca6be1f510d45075482c026a39bf0c2712b909cb9f288cf9ecac93487368ddc509fd94b05ae451fe19c3cc5afbfa23cd97d0b50f0f248b5", 0xae) socket$nl_xfrm(0x10, 0x3, 0x6) 06:33:46 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001440)={&(0x7f0000000000)={0x10, 0x4170000}, 0xc, &(0x7f0000001400)={&(0x7f0000000240)=@newae={0x5c, 0x1e, 0x101, 0x0, 0x0, {{@in=@rand_addr}, @in=@remote}, [@replay_esn_val={0x1c}]}, 0x5c}}, 0x0) 06:33:47 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x5, 0x30000) ioctl$BLKROSET(r0, 0x125d, &(0x7f00000002c0)=0x80) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0xf30e020000000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x6102bc20ebf407b4) getsockopt$packet_int(r2, 0x107, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='pagemap\x00') connect$llc(0xffffffffffffffff, &(0x7f0000000140)={0x1a, 0x30f, 0x400, 0x80, 0x0, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r3, 0x0) 06:33:47 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000400)={0xb, 0xfffffffffffffffe}) 06:33:47 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 06:33:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab7d, 0x0, &(0x7f0000000080), 0x111) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="650fc75c276766b882000f00d0c4423d3c56eef22ede9a002000000f01cf0f3042802100660f38802afb0f23d4", 0x2d}], 0x1, 0xffffffffffffffff, &(0x7f0000000040), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)}}, 0x20) 06:33:47 executing program 0: fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) r0 = socket(0x10, 0x20001000000003, 0x0) write(r0, &(0x7f0000000000)="220000001400070500e80000004c03000208030001000000080002004102fff0f054", 0x22) r1 = socket$netlink(0x10, 0x3, 0x18) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/attr/current\x00', 0x2, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe0704000000000000ff3f03000000450001070000001419001a0015000a00070007000200000800005d14a4e91ee438", 0x39}], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$inet(r2, &(0x7f0000000040)={0x2, 0x3ffffffffffffffe, @broadcast}, 0x10) r4 = dup3(r2, r2, 0x80000) ioctl$VIDIOC_G_STD(r4, 0x80085617, &(0x7f00000002c0)) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x2, {0x2, 0x4e20}, {0x2, 0x4e21, @loopback}, {0x2, 0x4e23, @broadcast}, 0x180, 0x8, 0x5, 0x1000, 0x0, 0x0, 0x800}) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x94) sendmmsg(r2, &(0x7f0000007fc0), 0x40000000000002f, 0x0) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000240)=0x0) ioctl$TUNGETIFF(r5, 0x800454d2, &(0x7f0000000200)) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000180)={0x8001, 0x8, 0x6, 0x0, 0x372}) ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000340)={0x3, 0x1, @start={0xda, 0x1}}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000003c0)='./file0\x00', 0x8000, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYRES64=r6, @ANYRES64=r0]) 06:33:47 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup2(r0, r1) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f0000000200)=""/225) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000040)={0x0, 0x3, 0x100000000}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000028c0), 0x0) accept$alg(r4, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xffffff29) [ 245.265623] netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'. 06:33:47 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 06:33:47 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500000000000035abe1e80d903e0d717ac1889a45e54a5c8f95f5d2968ae8c767e9d18fd69a000000") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r1, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x72, &(0x7f00000002c0), &(0x7f0000000300)=0x8) [ 245.331812] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:33:47 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) [ 245.455950] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿÿÿÿÿ" or missing value 06:33:47 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 06:33:47 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) accept4(r0, &(0x7f00000001c0)=@ethernet={0x0, @dev}, &(0x7f0000000240)=0x80, 0x0) 06:33:47 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000004d80)="0a5c2d0240316285717070") r1 = socket$pptp(0x18, 0x1, 0x2) close(r1) 06:33:47 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = syz_open_dev$sndseq(&(0x7f0000cab5b3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000c03000)={{0x20000000000080}, "0a4ceaa05dad126e00000002a1569b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42d576589701a4"}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) dup2(r2, r1) 06:33:47 executing program 4: socket$inet6(0xa, 0x3, 0x6) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000880)={@un=@abs, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300), 0x3}, 0xa0) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000000ec0)={0x0, 0x0, 0x2080}) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}}, &(0x7f0000000380)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000280)=r0, 0x4) r1 = socket(0x40000000015, 0x5, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000900)) alarm(0x10000) renameat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x4) r2 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x3f}) mq_timedsend(r2, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)={0x77359400}) ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f00000002c0)=""/60) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x40}, &(0x7f00000001c0)=0x8) perf_event_open(&(0x7f0000000300)={0x0, 0x70, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) kexec_load(0x201ef1c0, 0x1, &(0x7f0000000180)=[{&(0x7f00000001c0), 0x2, 0x1d2187000, 0x1000000}], 0xc0b11f2000000000) [ 246.022330] netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'. 06:33:48 executing program 0: fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) r0 = socket(0x10, 0x20001000000003, 0x0) write(r0, &(0x7f0000000000)="220000001400070500e80000004c03000208030001000000080002004102fff0f054", 0x22) r1 = socket$netlink(0x10, 0x3, 0x18) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/attr/current\x00', 0x2, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe0704000000000000ff3f03000000450001070000001419001a0015000a00070007000200000800005d14a4e91ee438", 0x39}], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$inet(r2, &(0x7f0000000040)={0x2, 0x3ffffffffffffffe, @broadcast}, 0x10) r4 = dup3(r2, r2, 0x80000) ioctl$VIDIOC_G_STD(r4, 0x80085617, &(0x7f00000002c0)) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x2, {0x2, 0x4e20}, {0x2, 0x4e21, @loopback}, {0x2, 0x4e23, @broadcast}, 0x180, 0x8, 0x5, 0x1000, 0x0, 0x0, 0x800}) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x94) sendmmsg(r2, &(0x7f0000007fc0), 0x40000000000002f, 0x0) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000240)=0x0) ioctl$TUNGETIFF(r5, 0x800454d2, &(0x7f0000000200)) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000180)={0x8001, 0x8, 0x6, 0x0, 0x372}) ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000340)={0x3, 0x1, @start={0xda, 0x1}}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000003c0)='./file0\x00', 0x8000, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYRES64=r6, @ANYRES64=r0]) 06:33:48 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000900)={[{@nosuiddir='nosuiddir'}]}) 06:33:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7c0916527441a41fb2bee6cd8fced9b3d694c521fcd5f6aad308d18e177dd271fe977f74ffb08f1a97e0fcf890b3e705df24874dcefe0a6337068b1c869a6608", "7c3ff75720b1b041e08b4cf4abf314344d035ba046fe609b0ed132d5434c4df1"}) [ 246.187114] netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'. 06:33:48 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x0, @random="8148e914ad32"}, 0x0, {0x3, 0x0, @rand_addr}, 'lo\x00'}) [ 246.321022] gfs2: not a GFS2 filesystem 06:33:48 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000430007031dfffd946f61830002200a00090000e7fe1c40000c1ba3a20400ff7e280000001100ffffba16a0aa1ce208b3ebea8653b1cc7e63975c02007b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 246.437377] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿÿÿÿÿ" or missing value 06:33:48 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x20, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000600)={{0x9, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 'syz0\x00', &(0x7f0000000000), 0x274, [], [0x5]}) [ 246.478104] gfs2: not a GFS2 filesystem 06:33:48 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f00000001c0), 0xfffffdf5, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/226, 0xfffffd85}], 0x1) recvfrom(r0, &(0x7f0000000200)=""/239, 0xef, 0x0, 0x0, 0x0) close(r0) [ 246.521762] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. 06:33:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7c0916527441a41fb2bee6cd8fced9b3d694c521fcd5f6aad308d18e177dd271fe977f74ffb08f1a97e0fcf890b3e705df24874dcefe0a6337068b1c869a6608", "7c3ff75720b1b041e08b4cf4abf314344d035ba046fe609b0ed132d5434c4df1"}) 06:33:48 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:netlabel_mgmt_exec_t:s0\x00', 0x2a, 0x0) mount$bpf(0x20000000, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='bpf\x00', 0x2001001, &(0x7f0000000140)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000800), 0x100020, &(0x7f0000000300)={[{@noblock_validity='noblock_validity'}]}) 06:33:48 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100), 0xe) listen(r0, 0xfffffffffffffffe) close(0xffffffffffffffff) socket$l2tp(0x18, 0x1, 0x1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r3 = socket$rds(0x15, 0x5, 0x0) accept4$inet6(r2, &(0x7f00000002c0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000300)=0x1c, 0x80800) bind$rds(r3, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000001c80)={&(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10, &(0x7f00000003c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="82bc0000000000110000007c4502c8b748f36c975e01000008200000000000"], 0x1f}, 0x0) userfaultfd(0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) lstat(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80)) geteuid() getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000d40)={{{@in6=@mcast1, @in=@multicast2}}, {{@in=@rand_addr}, 0x0, @in=@broadcast}}, &(0x7f0000000e40)=0xe8) getuid() ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={'bond_slave_1\x00', {0x2, 0x4e20, @local}}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) 06:33:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7c0916527441a41fb2bee6cd8fced9b3d694c521fcd5f6aad308d18e177dd271fe977f74ffb08f1a97e0fcf890b3e705df24874dcefe0a6337068b1c869a6608", "7c3ff75720b1b041e08b4cf4abf314344d035ba046fe609b0ed132d5434c4df1"}) [ 246.933423] ================================================================== [ 246.941102] BUG: KASAN: use-after-free in ext4_data_block_valid+0x2d5/0x330 [ 246.948241] Read of size 8 at addr ffff8801d1ef9750 by task udevd/7917 [ 246.954917] [ 246.956569] CPU: 0 PID: 7917 Comm: udevd Not tainted 4.20.0-rc1-next-20181109+ #110 [ 246.964375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.973760] Call Trace: [ 246.976444] dump_stack+0x244/0x39d [ 246.980104] ? dump_stack_print_info.cold.1+0x20/0x20 [ 246.985346] ? printk+0xa7/0xcf [ 246.988640] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 246.993464] print_address_description.cold.7+0x9/0x1ff [ 246.998848] kasan_report.cold.8+0x242/0x309 [ 247.003268] ? ext4_data_block_valid+0x2d5/0x330 [ 247.008032] __asan_report_load8_noabort+0x14/0x20 [ 247.012975] ext4_data_block_valid+0x2d5/0x330 [ 247.017656] __check_block_validity.constprop.80+0xc1/0x210 [ 247.023381] ext4_map_blocks+0x1021/0x1b50 [ 247.027714] ? __lock_is_held+0xb5/0x140 [ 247.031798] ? ext4_issue_zeroout+0x190/0x190 [ 247.036372] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.041965] ? d_alloc+0x28b/0x380 [ 247.045527] ext4_getblk+0x4f2/0x630 [ 247.049249] ? find_held_lock+0x36/0x1c0 [ 247.053324] ? ext4_iomap_begin+0x1390/0x1390 [ 247.057900] ? memset+0x31/0x40 [ 247.061195] ext4_bread_batch+0x7f/0x440 [ 247.065325] ext4_find_entry+0xd49/0x1b70 [ 247.069499] ? ext4_search_dir+0x6c0/0x6c0 [ 247.073743] ? mark_held_locks+0x130/0x130 [ 247.077984] ? graph_lock+0x270/0x270 [ 247.081804] ? __d_lookup_rcu+0xaa0/0xaa0 [ 247.085961] ? graph_lock+0x270/0x270 [ 247.089790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.095353] ? graph_lock+0x270/0x270 [ 247.099203] ? graph_lock+0x270/0x270 [ 247.103021] ? find_held_lock+0x36/0x1c0 [ 247.107105] ? graph_lock+0x270/0x270 [ 247.110933] ? __lockdep_init_map+0x105/0x590 [ 247.115478] ext4_lookup+0x15b/0x700 [ 247.119263] ? __init_waitqueue_head+0x9e/0x150 [ 247.119288] ? ext4_cross_rename+0x1cf0/0x1cf0 [ 247.119305] ? lock_acquire+0x1ed/0x520 [ 247.132770] __lookup_slow+0x2b5/0x540 [ 247.136679] ? vfs_unlink+0x510/0x510 [ 247.140504] ? path_init+0x1ed0/0x1ed0 [ 247.144403] lookup_slow+0x57/0x80 [ 247.147948] walk_component+0x92b/0x2590 [ 247.152112] ? trace_hardirqs_on+0xbd/0x310 [ 247.156489] ? check_preemption_disabled+0x48/0x280 [ 247.161519] ? path_init+0x1538/0x1ed0 [ 247.165414] ? trace_hardirqs_off_caller+0x300/0x300 [ 247.170530] ? pick_link+0xaf0/0xaf0 [ 247.174262] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 247.179285] ? set_root+0x42b/0x810 [ 247.182920] ? mark_held_locks+0xc7/0x130 [ 247.187090] ? vfs_mknod+0x800/0x800 [ 247.190810] ? trace_hardirqs_on+0xbd/0x310 [ 247.195211] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 247.200519] ? path_openat+0x220/0x5150 [ 247.204504] ? trace_hardirqs_off_caller+0x300/0x300 [ 247.209623] ? debug_mutex_init+0x2d/0x60 [ 247.213780] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 247.218808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.224462] ? security_inode_permission+0xd2/0x100 [ 247.229525] ? inode_permission+0xb2/0x560 [ 247.233769] link_path_walk.part.40+0xa61/0x1530 [ 247.238528] ? lookup_open+0x1b90/0x1b90 [ 247.242616] ? walk_component+0x2590/0x2590 [ 247.246962] ? check_preemption_disabled+0x48/0x280 [ 247.251986] ? lock_release+0xa10/0xa10 [ 247.255973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.261576] ? percpu_counter_add_batch+0x141/0x190 [ 247.266664] path_openat+0x270/0x5150 [ 247.270475] ? graph_lock+0x270/0x270 [ 247.274309] ? find_held_lock+0x36/0x1c0 [ 247.278388] ? path_lookupat.isra.43+0xc00/0xc00 [ 247.283201] ? is_bpf_text_address+0xac/0x170 [ 247.287724] ? lock_downgrade+0x900/0x900 [ 247.291879] ? check_preemption_disabled+0x48/0x280 [ 247.296910] ? kasan_check_read+0x11/0x20 [ 247.301065] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 247.306353] ? rcu_read_unlock_special+0x370/0x370 [ 247.311291] ? rcu_softirq_qs+0x20/0x20 [ 247.315323] ? unwind_dump+0x190/0x190 [ 247.319233] ? is_bpf_text_address+0xd3/0x170 [ 247.323772] ? kernel_text_address+0x79/0xf0 [ 247.328194] ? __kernel_text_address+0xd/0x40 [ 247.332696] ? unwind_get_return_address+0x61/0xa0 [ 247.337667] ? __save_stack_trace+0x8d/0xf0 [ 247.342021] ? save_stack+0xa9/0xd0 [ 247.345656] ? save_stack+0x43/0xd0 [ 247.349332] ? kasan_kmalloc+0xc7/0xe0 [ 247.353263] ? kasan_slab_alloc+0x12/0x20 [ 247.357445] ? kmem_cache_alloc+0x12e/0x730 [ 247.361778] do_filp_open+0x255/0x380 [ 247.365611] ? may_open_dev+0x100/0x100 [ 247.369602] ? find_held_lock+0x36/0x1c0 [ 247.373686] ? cache_grow_end+0xa8/0x190 [ 247.377757] ? graph_lock+0x270/0x270 [ 247.381642] do_open_execat+0x221/0x8e0 [ 247.385623] ? __lock_is_held+0xb5/0x140 [ 247.389695] ? unregister_binfmt+0x2a0/0x2a0 [ 247.394115] ? rcu_read_lock_sched_held+0x14f/0x180 [ 247.399152] ? memcpy+0x45/0x50 [ 247.402452] open_exec+0x53/0x70 [ 247.405889] load_elf_binary+0x96e/0x5620 [ 247.410054] ? find_held_lock+0x36/0x1c0 [ 247.414142] ? search_binary_handler+0x12e/0x570 [ 247.418918] ? notesize.isra.5+0x80/0x80 [ 247.422989] ? lock_downgrade+0x900/0x900 [ 247.427156] ? kasan_check_write+0x14/0x20 [ 247.431423] search_binary_handler+0x17d/0x570 [ 247.436019] __do_execve_file.isra.33+0x1661/0x25d0 [ 247.441061] ? prepare_bprm_creds+0x120/0x120 [ 247.445630] ? usercopy_warn+0x110/0x110 [ 247.449721] ? check_preemption_disabled+0x48/0x280 [ 247.454804] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 247.460353] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.465900] ? strncpy_from_user+0x411/0x5a0 [ 247.470325] ? digsig_verify+0x1530/0x1530 [ 247.474568] ? kmem_cache_alloc+0x33a/0x730 [ 247.478967] ? do_syscall_64+0x9a/0x820 [ 247.482966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.488509] ? getname_flags+0x26e/0x590 [ 247.492578] ? trace_hardirqs_off_caller+0x300/0x300 [ 247.497726] __x64_sys_execve+0x8f/0xc0 [ 247.501718] do_syscall_64+0x1b9/0x820 [ 247.505690] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 247.511067] ? syscall_return_slowpath+0x5e0/0x5e0 [ 247.516002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 247.520860] ? trace_hardirqs_on_caller+0x310/0x310 [ 247.525887] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 247.530924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.536469] ? prepare_exit_to_usermode+0x291/0x3b0 [ 247.541518] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 247.546380] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.551578] RIP: 0033:0x7f731c9db207 [ 247.555321] Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02 [ 247.574235] RSP: 002b:00007ffdfeb5cc88 EFLAGS: 00000206 ORIG_RAX: 000000000000003b [ 247.581992] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f731c9db207 [ 247.589272] RDX: 000000000181bb10 RSI: 00007ffdfeb5cd80 RDI: 00007ffdfeb5dd90 [ 247.596546] RBP: 0000000000625500 R08: 000000000000177e R09: 000000000000177e [ 247.603827] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000181bb10 [ 247.611108] R13: 0000000000000007 R14: 000000000181b250 R15: 0000000000000005 [ 247.618401] [ 247.620029] Allocated by task 1: [ 247.623406] save_stack+0x43/0xd0 [ 247.626867] kasan_kmalloc+0xc7/0xe0 [ 247.630589] kasan_slab_alloc+0x12/0x20 [ 247.634606] kmem_cache_alloc+0x12e/0x730 [ 247.638776] add_system_zone+0x2e5/0x5f0 [ 247.642846] ext4_setup_system_zone+0x208/0x520 [ 247.647578] ext4_fill_super+0x89eb/0xdba0 [ 247.651838] mount_bdev+0x314/0x3e0 [ 247.655500] ext4_mount+0x3c/0x50 [ 247.659017] legacy_get_tree+0x12f/0x260 [ 247.663093] vfs_get_tree+0x1cb/0x5c0 [ 247.666904] do_mount+0x82a/0x1ff0 [ 247.670451] ksys_mount+0x12d/0x140 [ 247.674140] do_mount_root+0x35/0x1d3 [ 247.677950] mount_block_root+0x39c/0x6ed [ 247.682097] mount_root+0x358/0x39f [ 247.685727] prepare_namespace+0x26c/0x2ab [ 247.689984] kernel_init_freeable+0x69b/0x6b4 [ 247.694480] kernel_init+0x11/0x1ae [ 247.698115] ret_from_fork+0x3a/0x50 [ 247.701823] [ 247.703454] Freed by task 7909: [ 247.706762] save_stack+0x43/0xd0 [ 247.710219] __kasan_slab_free+0x102/0x150 [ 247.714456] kasan_slab_free+0xe/0x10 [ 247.718275] kmem_cache_free+0x83/0x290 [ 247.722249] ext4_release_system_zone+0x7c/0x110 [ 247.727006] ext4_setup_system_zone+0x3ef/0x520 [ 247.731681] ext4_remount+0x16fc/0x2980 [ 247.735674] legacy_reconfigure+0x14c/0x1c0 [ 247.739998] reconfigure_super+0x4c0/0xbb0 [ 247.744241] do_mount+0x1ab4/0x1ff0 [ 247.747874] ksys_mount+0x12d/0x140 [ 247.751507] __x64_sys_mount+0xbe/0x150 [ 247.755690] do_syscall_64+0x1b9/0x820 [ 247.759590] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.764778] [ 247.766425] The buggy address belongs to the object at ffff8801d1ef9738 [ 247.766425] which belongs to the cache ext4_system_zone of size 40 [ 247.779462] The buggy address is located 24 bytes inside of [ 247.779462] 40-byte region [ffff8801d1ef9738, ffff8801d1ef9760) [ 247.791165] The buggy address belongs to the page: [ 247.796132] page:ffffea000747be40 count:1 mapcount:0 mapping:ffff8801d45d4240 index:0xffff8801d1ef9fb9 [ 247.805634] flags: 0x2fffc0000000200(slab) [ 247.809880] raw: 02fffc0000000200 ffff8801d45d5238 ffff8801d45d5238 ffff8801d45d4240 [ 247.817797] raw: ffff8801d1ef9fb9 ffff8801d1ef9000 0000000100000006 0000000000000000 [ 247.825677] page dumped because: kasan: bad access detected [ 247.831381] [ 247.833003] Memory state around the buggy address: [ 247.837935] ffff8801d1ef9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 247.845298] ffff8801d1ef9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 247.852662] >ffff8801d1ef9700: fc fc fc fc fc fc fc fb fb fb fb fb fc fc fb fb [ 247.860017] ^ [ 247.865990] ffff8801d1ef9780: fb fb fb fc fc fb fb fb fb fb fc fc fb fb fb fb [ 247.873349] ffff8801d1ef9800: fb fc fc fb fb fb fb fb fc fc fb fb fb fb fb fc [ 247.880717] ================================================================== 06:33:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1000000000000279, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/if_inet6\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000157, 0x4c004800) gettid() 06:33:49 executing program 0: fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) r0 = socket(0x10, 0x20001000000003, 0x0) write(r0, &(0x7f0000000000)="220000001400070500e80000004c03000208030001000000080002004102fff0f054", 0x22) r1 = socket$netlink(0x10, 0x3, 0x18) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/attr/current\x00', 0x2, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe0704000000000000ff3f03000000450001070000001419001a0015000a00070007000200000800005d14a4e91ee438", 0x39}], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) connect$inet(r2, &(0x7f0000000040)={0x2, 0x3ffffffffffffffe, @broadcast}, 0x10) r4 = dup3(r2, r2, 0x80000) ioctl$VIDIOC_G_STD(r4, 0x80085617, &(0x7f00000002c0)) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x2, {0x2, 0x4e20}, {0x2, 0x4e21, @loopback}, {0x2, 0x4e23, @broadcast}, 0x180, 0x8, 0x5, 0x1000, 0x0, 0x0, 0x800}) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x94) sendmmsg(r2, &(0x7f0000007fc0), 0x40000000000002f, 0x0) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000240)=0x0) ioctl$TUNGETIFF(r5, 0x800454d2, &(0x7f0000000200)) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000180)={0x8001, 0x8, 0x6, 0x0, 0x372}) ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000340)={0x3, 0x1, @start={0xda, 0x1}}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000003c0)='./file0\x00', 0x8000, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYRES64=r6, @ANYRES64=r0]) 06:33:49 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, &(0x7f0000000340)=ANY=[]) read(0xffffffffffffffff, &(0x7f0000006b80)=""/135, 0x87) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000001d80)='/dev/ion\x00', 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000006c40)=ANY=[@ANYBLOB="0000000000000000000008000000000000000000001c3adde6863809aa0000004e2311b580fbf902bf4059f358dc1ab73301f0ffffc2eed78c43937aad9a85afe827389338a0ddbe9f63e9b1a3abe483a608e2d94fcadcb572c54f42bb8c0d7de02d9bf774a2d8fa246a1f22796dbb1ceeb7bd438081598f12acde0bf8cde4f051b6a442f46e96203526564fc79e6a1ef2fc533e4c9b0036d4f4443a273f0ec003ff00eb19b4fdc7de34de39ed145571230ab02c89bc39f65ba52646a67b733958b24c6f2624191a334f913026b86d7fa03cebaa7c45dcf82769f29e83bfaa7f103cdcecc965d75d880b7a6ea60fbf2b9cc4616742d607788f27f5ab53706ea929058d05a8f8ab6e151114442eb2fc431b7574b73dcfcdb520a5d4839f404a02620f7c2ec21322cf59ebccf70d55234c226198e3e7b3bf24cfb9de6785c10e71e355ab0e796be4c424cd4132769936a102291c4e9da51c33b852609c08b1985d1519116486"], 0x165) socket$inet6_dccp(0xa, 0x6, 0x0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000003c0)={0x0, 0x6}, 0x2) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) write$FUSE_WRITE(0xffffffffffffff9c, &(0x7f0000000040)={0x18, 0xfffffffffffffff5, 0x8, {0x3}}, 0x18) keyctl$instantiate_iov(0x14, r2, &(0x7f0000000a40)=[{&(0x7f00000009c0)="28c4f9176843dc8321001147ade62bfcdb186c3994a84645aeac29e997ece8d9740ecfcf6fe94c61918fa4d1021838617592debe82379fe7ac4898e725039344a7136ce34c3777c02c29598324", 0x4d}], 0x1, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0xfffffefffffffffd) [ 247.888188] Disabling lock debugging due to kernel taint [ 247.910601] EXT4-fs (sda1): re-mounted. Opts: noblock_validity,,errors=continue [ 247.946599] netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'. 06:33:50 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:netlabel_mgmt_exec_t:s0\x00', 0x2a, 0x0) mount$bpf(0x20000000, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='bpf\x00', 0x2001001, &(0x7f0000000140)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000800), 0x100020, &(0x7f0000000300)={[{@noblock_validity='noblock_validity'}]}) 06:33:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f00000001c0), 0xfffffdf5, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0x5) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/226, 0xfffffd85}], 0x1) recvfrom(r0, &(0x7f0000000200)=""/239, 0xef, 0x0, 0x0, 0x0) close(r0) 06:33:50 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7c0916527441a41fb2bee6cd8fced9b3d694c521fcd5f6aad308d18e177dd271fe977f74ffb08f1a97e0fcf890b3e705df24874dcefe0a6337068b1c869a6608", "7c3ff75720b1b041e08b4cf4abf314344d035ba046fe609b0ed132d5434c4df1"}) [ 248.026659] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 248.034520] FAT-fs (loop3): Filesystem has been set read-only [ 248.091036] Kernel panic - not syncing: panic_on_warn set ... [ 248.096969] CPU: 0 PID: 7917 Comm: udevd Tainted: G B 4.20.0-rc1-next-20181109+ #110 [ 248.106153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.115506] Call Trace: [ 248.118101] dump_stack+0x244/0x39d [ 248.121739] ? dump_stack_print_info.cold.1+0x20/0x20 [ 248.127034] panic+0x2ad/0x55c [ 248.130237] ? add_taint.cold.5+0x16/0x16 [ 248.134396] ? preempt_schedule+0x4d/0x60 [ 248.138552] ? ___preempt_schedule+0x16/0x18 [ 248.142980] ? trace_hardirqs_on+0xb4/0x310 [ 248.147204] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 248.147311] kasan_end_report+0x47/0x4f [ 248.147326] kasan_report.cold.8+0x76/0x309 [ 248.147340] ? ext4_data_block_valid+0x2d5/0x330 [ 248.147355] __asan_report_load8_noabort+0x14/0x20 [ 248.147374] ext4_data_block_valid+0x2d5/0x330 [ 248.168654] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 17) [ 248.173204] __check_block_validity.constprop.80+0xc1/0x210 [ 248.173222] ext4_map_blocks+0x1021/0x1b50 [ 248.173238] ? __lock_is_held+0xb5/0x140 [ 248.173284] ? ext4_issue_zeroout+0x190/0x190 [ 248.203577] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.209138] ? d_alloc+0x28b/0x380 [ 248.212694] ext4_getblk+0x4f2/0x630 [ 248.216409] ? find_held_lock+0x36/0x1c0 [ 248.220476] ? ext4_iomap_begin+0x1390/0x1390 [ 248.224977] ? memset+0x31/0x40 [ 248.228281] ext4_bread_batch+0x7f/0x440 [ 248.232361] ext4_find_entry+0xd49/0x1b70 [ 248.236532] ? ext4_search_dir+0x6c0/0x6c0 [ 248.240772] ? mark_held_locks+0x130/0x130 [ 248.245014] ? graph_lock+0x270/0x270 [ 248.248830] ? __d_lookup_rcu+0xaa0/0xaa0 [ 248.252988] ? graph_lock+0x270/0x270 [ 248.256795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.262350] ? graph_lock+0x270/0x270 [ 248.266160] ? graph_lock+0x270/0x270 [ 248.269971] ? find_held_lock+0x36/0x1c0 [ 248.274038] ? graph_lock+0x270/0x270 [ 248.277849] ? __lockdep_init_map+0x105/0x590 [ 248.282353] ext4_lookup+0x15b/0x700 [ 248.286077] ? __init_waitqueue_head+0x9e/0x150 [ 248.290753] ? ext4_cross_rename+0x1cf0/0x1cf0 [ 248.295339] ? lock_acquire+0x1ed/0x520 [ 248.299320] __lookup_slow+0x2b5/0x540 [ 248.303227] ? vfs_unlink+0x510/0x510 [ 248.307055] ? path_init+0x1ed0/0x1ed0 [ 248.310950] lookup_slow+0x57/0x80 [ 248.314492] walk_component+0x92b/0x2590 [ 248.318554] ? trace_hardirqs_on+0xbd/0x310 [ 248.322886] ? check_preemption_disabled+0x48/0x280 [ 248.327901] ? path_init+0x1538/0x1ed0 [ 248.331813] ? trace_hardirqs_off_caller+0x300/0x300 [ 248.336930] ? pick_link+0xaf0/0xaf0 [ 248.340649] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 248.345667] ? set_root+0x42b/0x810 [ 248.349300] ? mark_held_locks+0xc7/0x130 [ 248.353461] ? vfs_mknod+0x800/0x800 [ 248.357177] ? trace_hardirqs_on+0xbd/0x310 [ 248.361500] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 248.366779] ? path_openat+0x220/0x5150 [ 248.370757] ? trace_hardirqs_off_caller+0x300/0x300 [ 248.375867] ? debug_mutex_init+0x2d/0x60 [ 248.380019] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 248.385041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.390595] ? security_inode_permission+0xd2/0x100 [ 248.395644] ? inode_permission+0xb2/0x560 [ 248.399883] link_path_walk.part.40+0xa61/0x1530 [ 248.404645] ? lookup_open+0x1b90/0x1b90 [ 248.408717] ? walk_component+0x2590/0x2590 [ 248.413056] ? check_preemption_disabled+0x48/0x280 [ 248.418075] ? lock_release+0xa10/0xa10 [ 248.422056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.427608] ? percpu_counter_add_batch+0x141/0x190 [ 248.432658] path_openat+0x270/0x5150 [ 248.436462] ? graph_lock+0x270/0x270 [ 248.440270] ? find_held_lock+0x36/0x1c0 [ 248.444337] ? path_lookupat.isra.43+0xc00/0xc00 [ 248.449096] ? is_bpf_text_address+0xac/0x170 [ 248.453603] ? lock_downgrade+0x900/0x900 [ 248.457754] ? check_preemption_disabled+0x48/0x280 [ 248.462776] ? kasan_check_read+0x11/0x20 [ 248.466924] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 248.472218] ? rcu_read_unlock_special+0x370/0x370 [ 248.477149] ? rcu_softirq_qs+0x20/0x20 [ 248.481124] ? unwind_dump+0x190/0x190 [ 248.485026] ? is_bpf_text_address+0xd3/0x170 [ 248.489526] ? kernel_text_address+0x79/0xf0 [ 248.493975] ? __kernel_text_address+0xd/0x40 [ 248.498484] ? unwind_get_return_address+0x61/0xa0 [ 248.503419] ? __save_stack_trace+0x8d/0xf0 [ 248.507772] ? save_stack+0xa9/0xd0 [ 248.511400] ? save_stack+0x43/0xd0 [ 248.515030] ? kasan_kmalloc+0xc7/0xe0 [ 248.518920] ? kasan_slab_alloc+0x12/0x20 [ 248.523073] ? kmem_cache_alloc+0x12e/0x730 [ 248.527402] do_filp_open+0x255/0x380 [ 248.531204] ? may_open_dev+0x100/0x100 [ 248.535181] ? find_held_lock+0x36/0x1c0 [ 248.539274] ? cache_grow_end+0xa8/0x190 [ 248.543342] ? graph_lock+0x270/0x270 [ 248.547161] do_open_execat+0x221/0x8e0 [ 248.551142] ? __lock_is_held+0xb5/0x140 [ 248.555209] ? unregister_binfmt+0x2a0/0x2a0 [ 248.559654] ? rcu_read_lock_sched_held+0x14f/0x180 [ 248.564683] ? memcpy+0x45/0x50 [ 248.567975] open_exec+0x53/0x70 [ 248.571350] load_elf_binary+0x96e/0x5620 [ 248.575515] ? find_held_lock+0x36/0x1c0 [ 248.579594] ? search_binary_handler+0x12e/0x570 [ 248.584361] ? notesize.isra.5+0x80/0x80 [ 248.588426] ? lock_downgrade+0x900/0x900 [ 248.592599] ? kasan_check_write+0x14/0x20 [ 248.596849] search_binary_handler+0x17d/0x570 [ 248.601460] __do_execve_file.isra.33+0x1661/0x25d0 [ 248.606493] ? prepare_bprm_creds+0x120/0x120 [ 248.610988] ? usercopy_warn+0x110/0x110 [ 248.615064] ? check_preemption_disabled+0x48/0x280 [ 248.620095] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 248.625641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.631185] ? strncpy_from_user+0x411/0x5a0 [ 248.635639] ? digsig_verify+0x1530/0x1530 [ 248.639896] ? kmem_cache_alloc+0x33a/0x730 [ 248.644220] ? do_syscall_64+0x9a/0x820 [ 248.648219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.653756] ? getname_flags+0x26e/0x590 [ 248.657824] ? trace_hardirqs_off_caller+0x300/0x300 [ 248.662956] __x64_sys_execve+0x8f/0xc0 [ 248.666942] do_syscall_64+0x1b9/0x820 [ 248.670832] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 248.676207] ? syscall_return_slowpath+0x5e0/0x5e0 [ 248.681151] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 248.686003] ? trace_hardirqs_on_caller+0x310/0x310 [ 248.691022] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 248.696041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.701592] ? prepare_exit_to_usermode+0x291/0x3b0 [ 248.706629] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 248.711498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.716696] RIP: 0033:0x7f731c9db207 [ 248.720423] Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 8c 2d 00 f7 d8 64 89 02 [ 248.739332] RSP: 002b:00007ffdfeb5cc88 EFLAGS: 00000206 ORIG_RAX: 000000000000003b [ 248.747045] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f731c9db207 [ 248.754545] RDX: 000000000181bb10 RSI: 00007ffdfeb5cd80 RDI: 00007ffdfeb5dd90 [ 248.761832] RBP: 0000000000625500 R08: 000000000000177e R09: 000000000000177e [ 248.769125] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000181bb10 [ 248.776395] R13: 0000000000000007 R14: 000000000181b250 R15: 0000000000000005 [ 248.784726] Kernel Offset: disabled [ 248.788377] Rebooting in 86400 seconds..