0}, 0x0) tkill(r2, 0x3c) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000080)) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 04:50:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syslog(0x2, &(0x7f0000000300)=""/237, 0xed) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)={0x4, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='-pids .io \x00`pu Zrdma +rdma '], 0x1b) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)={0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x9, 0x0, 0x5c55, 0x20, 0xd4c2}) rt_sigprocmask(0x0, &(0x7f0000000040), 0x0, 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0) 04:50:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ad0000005f3f000000000000000000"], 0x38) 04:50:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000180)={r5, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) r6 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x8, @loopback, 0x4}, 0xff8b) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') 04:50:45 executing program 4: r0 = syz_open_dev$video(&(0x7f00000001c0)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000000c0)={0x9, @output}) [ 720.892078] SELinux: ebitmap: truncated map [ 720.933529] SELinux: failed to load policy 04:50:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ae0000005f3f000000000000000000"], 0x38) 04:50:45 executing program 4: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) kcmp(0x0, r1, 0x5, r2, r3) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='oom_score_adj\x00') lseek(r4, 0xfffffffffffffffb, 0x0) 04:50:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000180)={r5, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) r6 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x8, @loopback, 0x4}, 0xff8b) 04:50:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000080)={r4}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000180)={r4, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) r5 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) 04:50:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500af0000005f3f000000000000000000"], 0x38) [ 721.089728] SELinux: ebitmap: truncated map [ 721.094409] SELinux: failed to load policy 04:50:45 executing program 5: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) bind$bt_sco(r2, &(0x7f0000000040)={0x1f, {0x8000000000000000}}, 0x8) listen(r0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x4, 0x8003}, 0x8) close(r0) 04:50:45 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/\a\x00\x00\x00\x00\x00\x80\x00', 0x80, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) pipe2(0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f0000000080)) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f00000004c0)={"814fadeee57a6c90dd383082aa40b72a52317ff5802ccef4f5eb694c86590b86b9bb482f2e636eaf8484289741caa0475ef53303fca328647e972ff6e53cffff267d6c290a655de46aa994691e511f0c198789556201250ed74b09927b0586ca5aad31537966594add4474c5a65360bbae9131fb6c185cb4520bdc1b6ba28bcfe823c6bc276468282298d14ed4793364e0859812dc9496dcaa0d73798019147183468f40082364d9a97a3e3bc38ac3684c01032a9a276b683ddd97c00803e6c77560f9a03f2d386897bd7d3a6fb254e4319d22d0e4263eef9db2f86dd3919437d6748bf05a1ec3d7001f821281eeebb0d8114bb12b38b57ee6015045225eb99bc3f61407172ebe35bec92115d10dace9afee4e993d036b3ce06ae7fa8dafa445a6f8c98988b89738f1f37506f9277a80f060ba0d6991aeb516c6ce3d03bdca167e2bb0d9acfc513e2cd25ed70a12d1be8fc13a0f7893f7d2807b58adf2fe9a13201ce6b2ded73443154f354c6d72153c60c8c439e2611524b41151754c4337daf5f328f8aa6948bda31a1e6d31a9d6337b9b714b4f5a7d85758c7f55163edf846d1c6c16d7f4436d119f1d920b0af3a861f3868a153bc3b027d330a55f729f1130ffcfd4f3cc99c05369921c794428cd8b067a1ad001e3b18e7680a2615a7451475b0b4b702e0344e74bf41c44426f014ec28141cb6521ab361f5cef5fa02112914d4ae2d74f31d44cb3bd2c111ed79154747a7729dd2cc7af9faf58e30d87a5e69174a365369042ad4dfa025a23aa834dabd57e970ca00d769cb2e539593ecc283c0e4daa29893db9076ac3cde35170ce4ace1653dddfb113606d3f84d969520d3caf1f8ae424d40bb1fe03edaa29ec45a01266deadcb292f7f9cbca679f9cff8a9f8f29c501199a9dda8923fed8a95d029f6249cd2cec655d31004a931a8fdb0e7c47bb1ac3ee82f09f69ea6364bf90cf771ce17fc031bb81b32999891d54e56924600f16f85a1f49b99d6f9bf2d4ea361fa3cec5081eccb3085febe051310f151c3a27f3829064960c4551c95be55d6df6ee7e0070bad525ac4743659b4f247dd0389652f3fcb25755b207a22096d139477e40a42b76eb2e474c62ff7e64cf14e15b9a46146c4852cda1f0a37f2b842086259c9a4262ef5a5bbce93ee5b81f7d89b309d5ae3a02df9af33d4250916dd73ee398660a8703f0a4c8c21877f1467e251e54511129d7b35763e4d31c219405cd5ed23f621043ff2ab8bb292efcfe50e299b1f76e5bd1da48595e320faea2fb2b762844b06275f771aac4f0a0309c18102a321ed11fa99b3aa1b167aef38beebf73d0fa87fbf6488b6e99c40496c15f3a950a54c40186bee679f0cadcd35171acc286106933ab24510e51a319a2341cc5aa4a6340d2406ea9db7a795388eac629d13fcfcbe9f92c9b6db94fc192c"}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) clock_gettime(0x0, &(0x7f0000000940)={0x0}) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f0000000140)={0x0, 0x0, {0x8, 0xffffffffffffff2f, 0x1003, 0x6, 0x2, 0x6}}) getpid() getuid() getresgid(&(0x7f0000000380), &(0x7f00000003c0), 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$RNDADDTOENTCNT(r5, 0x40045201, &(0x7f00000000c0)=0x1) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) utimensat(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {r3}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x8000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000014000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) syz_genetlink_get_family_id$ipvs(0x0) r6 = semget$private(0x0, 0x4, 0x10) semctl$IPC_INFO(r6, 0x0, 0x3, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000040)={0x0, 0x5}) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000900)={0x2, 0x7fff}) [ 721.303996] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 721.329997] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 721.370757] CPU: 0 PID: 18445 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 721.377743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 721.387094] Call Trace: [ 721.389681] dump_stack+0x172/0x1f0 [ 721.393401] dump_header+0x15e/0xa55 [ 721.397107] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 721.402212] ? ___ratelimit+0x60/0x595 [ 721.406089] ? do_raw_spin_unlock+0x57/0x270 [ 721.410498] oom_kill_process.cold+0x10/0x6ef [ 721.414987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 721.420512] ? task_will_free_mem+0x139/0x6e0 [ 721.425087] out_of_memory+0x936/0x12d0 [ 721.429061] ? lock_downgrade+0x810/0x810 [ 721.433375] ? oom_killer_disable+0x280/0x280 [ 721.437856] ? find_held_lock+0x35/0x130 [ 721.441943] mem_cgroup_out_of_memory+0x1d2/0x240 [ 721.446784] ? memcg_event_wake+0x230/0x230 [ 721.451274] ? do_raw_spin_unlock+0x57/0x270 [ 721.455708] ? _raw_spin_unlock+0x2d/0x50 [ 721.459846] try_charge+0xef7/0x1480 [ 721.463551] ? find_held_lock+0x35/0x130 [ 721.467607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 721.472446] ? kasan_check_read+0x11/0x20 [ 721.476594] ? get_mem_cgroup_from_mm+0x156/0x320 [ 721.481431] mem_cgroup_try_charge+0x259/0x6b0 [ 721.486004] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 721.490949] wp_page_copy+0x430/0x16a0 [ 721.494833] ? pmd_pfn+0x1d0/0x1d0 [ 721.498362] ? kasan_check_read+0x11/0x20 [ 721.502499] ? do_raw_spin_unlock+0x57/0x270 [ 721.506912] do_wp_page+0x57d/0x10b0 [ 721.507204] protocol 88fb is buggy, dev hsr_slave_0 [ 721.510638] ? lock_acquire+0x16f/0x3f0 [ 721.510653] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 721.510670] ? kasan_check_write+0x14/0x20 [ 721.515747] protocol 88fb is buggy, dev hsr_slave_1 [ 721.519683] ? do_raw_spin_lock+0xc8/0x240 [ 721.519702] __handle_mm_fault+0x2305/0x3f80 [ 721.519720] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 721.519753] ? count_memcg_event_mm+0x2b1/0x4d0 [ 721.519768] handle_mm_fault+0x1b5/0x690 [ 721.519787] __do_page_fault+0x62a/0xe90 [ 721.559792] ? vmalloc_fault+0x740/0x740 [ 721.563847] ? trace_hardirqs_off_caller+0x65/0x220 [ 721.568872] ? trace_hardirqs_on_caller+0x6a/0x220 [ 721.573795] ? page_fault+0x8/0x30 [ 721.577349] do_page_fault+0x71/0x57d [ 721.581141] ? page_fault+0x8/0x30 [ 721.584671] page_fault+0x1e/0x30 [ 721.588115] RIP: 0033:0x40eba8 [ 721.591299] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 721.610203] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 721.615558] RAX: 00000000140f25fa RBX: 000000006f5fda93 RCX: 0000001b30a20000 [ 721.622818] RDX: 0000000000000000 RSI: 00000000000005fa RDI: ffffffff140f25fa [ 721.630095] RBP: 0000000000000009 R08: 00000000140f25fa R09: 00000000140f25fe [ 721.637353] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 [ 721.644628] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000009 [ 721.655139] Task in /syz0 killed as a result of limit of /syz0 [ 721.663701] memory: usage 307200kB, limit 307200kB, failcnt 3807 [ 721.670415] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 721.678375] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 721.684851] Memory cgroup stats for /syz0: cache:0KB rss:231736KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:231888KB inactive_file:0KB active_file:4KB unevictable:0KB [ 721.707459] Memory cgroup out of memory: Kill process 8471 (syz-executor.0) score 1113 or sacrifice child [ 721.720070] Killed process 8471 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 721.761358] SELinux: ebitmap: truncated map [ 721.770268] SELinux: failed to load policy 04:50:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x1, 0xffffffffffffffe1, 0x1}, 0x14) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1da9, 0x4) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x200000) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f00000000c0)) 04:50:48 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) 04:50:48 executing program 2: io_setup(0x83, &(0x7f00000003c0)=0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r2 = epoll_create(0x3) io_submit(r0, 0x2, &(0x7f0000000a40)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) 04:50:48 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b00000005f3f000000000000000000"], 0x38) 04:50:48 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x0) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) socket$tipc(0x1e, 0x8de58680707b0d88, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r6, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r6, 0x0) r7 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r7, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r8 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mixer\x00', 0xc2400, 0x0) r9 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x80, 0x80000) r10 = dup2(r9, r8) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r11, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r11, 0x0) r12 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r12, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r12, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r12) r13 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) r14 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r15 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r16 = dup2(r15, r15) ioctl$TIOCGSOFTCAR(r16, 0x5419, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r17, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r18, 0x0) ioctl$SIOCAX25DELUID(r16, 0x89e2, &(0x7f0000000140)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, r18}) r19 = dup2(r14, r14) ioctl$TIOCGSOFTCAR(r19, 0x5419, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r19, 0x84, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4) write$FUSE_NOTIFY_STORE(r13, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r13, 0x0) dup(r13) r20 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r21 = dup2(r20, r20) ioctl$TIOCGSOFTCAR(r21, 0x5419, 0x0) r22 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r23 = dup2(r22, r22) ioctl$TIOCGSOFTCAR(r23, 0x5419, 0x0) getdents64(r8, &(0x7f00000002c0), 0x347) ioctl$LOOP_GET_STATUS(r0, 0x4c08, 0x0) 04:50:48 executing program 5: getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0xffff}, 0x0) r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="030000000000000030d3efb4573423e176477865f560c1c4"], 0x8, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000f00f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) msgsnd(r0, &(0x7f0000000100)=ANY=[], 0x0, 0x0) msgrcv(r0, &(0x7f0000000080)={0x0, ""/35}, 0x2b, 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) connect$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0x5, 0x0, 0x9, 0x7, 0xcc3, 0x9}, 0x5ce0}, 0xa) 04:50:48 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) [ 723.955622] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 723.978056] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 723.986270] CPU: 0 PID: 18475 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 723.993514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 724.002976] Call Trace: [ 724.005784] dump_stack+0x172/0x1f0 [ 724.009442] dump_header+0x15e/0xa55 [ 724.013315] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 724.018440] ? ___ratelimit+0x60/0x595 [ 724.022361] ? do_raw_spin_unlock+0x57/0x270 [ 724.026796] oom_kill_process.cold+0x10/0x6ef [ 724.031405] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.037013] ? task_will_free_mem+0x139/0x6e0 [ 724.041536] out_of_memory+0x936/0x12d0 [ 724.045634] ? lock_downgrade+0x810/0x810 [ 724.049803] ? oom_killer_disable+0x280/0x280 [ 724.054448] ? find_held_lock+0x35/0x130 [ 724.058718] mem_cgroup_out_of_memory+0x1d2/0x240 [ 724.063581] ? memcg_event_wake+0x230/0x230 [ 724.067928] ? do_raw_spin_unlock+0x57/0x270 [ 724.072454] ? _raw_spin_unlock+0x2d/0x50 [ 724.076629] try_charge+0xef7/0x1480 [ 724.080452] ? find_held_lock+0x35/0x130 [ 724.084543] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 724.089410] ? kasan_check_read+0x11/0x20 [ 724.089431] ? get_mem_cgroup_from_mm+0x156/0x320 [ 724.098429] mem_cgroup_try_charge+0x259/0x6b0 [ 724.098447] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 724.098463] wp_page_copy+0x430/0x16a0 [ 724.098485] ? pmd_pfn+0x1d0/0x1d0 [ 724.115771] ? kasan_check_read+0x11/0x20 [ 724.119940] ? do_raw_spin_unlock+0x57/0x270 [ 724.124377] do_wp_page+0x57d/0x10b0 [ 724.128214] ? lock_acquire+0x16f/0x3f0 [ 724.132331] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 724.137018] ? kasan_check_write+0x14/0x20 [ 724.141402] ? do_raw_spin_lock+0xc8/0x240 [ 724.145664] __handle_mm_fault+0x2305/0x3f80 [ 724.150091] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 724.154963] ? count_memcg_event_mm+0x2b1/0x4d0 [ 724.159993] handle_mm_fault+0x1b5/0x690 [ 724.164770] __do_page_fault+0x62a/0xe90 [ 724.168847] ? vmalloc_fault+0x740/0x740 [ 724.172928] ? trace_hardirqs_off_caller+0x65/0x220 [ 724.177999] ? trace_hardirqs_on_caller+0x6a/0x220 [ 724.182936] ? page_fault+0x8/0x30 [ 724.186489] do_page_fault+0x71/0x57d [ 724.192123] ? page_fault+0x8/0x30 [ 724.196029] page_fault+0x1e/0x30 [ 724.199487] RIP: 0033:0x40eba8 [ 724.202690] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 724.221695] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 724.227155] RAX: 00000000ece7b6af RBX: 0000000021bf5395 RCX: 0000001b30a20000 [ 724.234432] RDX: 0000000000000000 RSI: 00000000000016af RDI: ffffffffece7b6af [ 724.241802] RBP: 0000000000000029 R08: 00000000ece7b6af R09: 00000000ece7b6b3 [ 724.249078] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 04:50:48 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x13}, 0xc094}}}, 0x84) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) 04:50:48 executing program 5: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) unlinkat(r3, &(0x7f00000000c0)='./file0\x00', 0x0) r4 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000040)=0x7ff) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xfffffffffffffff8) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) ioctl$int_in(r5, 0x5452, &(0x7f0000000000)=0xfffffffffffffff8) dup2(r5, r0) [ 724.256453] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000032 04:50:48 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x10000, 0x0) getsockname$netrom(r1, &(0x7f00000002c0)={{}, [@rose, @null, @remote, @remote, @remote, @rose, @rose, @netrom]}, &(0x7f0000000340)=0x48) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0xa0080, 0x0) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/status\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f00000001c0)={0x3e, 0x20, 0x0, r5}) write$P9_RSETATTR(r1, &(0x7f00000004c0)={0x7, 0x1b, 0x2}, 0x7) write$binfmt_script(r2, 0x0, 0x0) connect$unix(r3, &(0x7f0000000580)=@abs={0x1}, 0x4a) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video2\x00', 0x2, 0x0) syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) r6 = dup(0xffffffffffffffff) r7 = getpid() tkill(r7, 0x1000000000015) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ptrace$getregset(0x4204, r7, 0x207, &(0x7f0000000480)={&(0x7f0000000380)=""/255, 0xff}) ioctl$PERF_EVENT_IOC_DISABLE(r6, 0x2401, 0x8000400803) ftruncate(r2, 0x0) 04:50:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) readv(0xffffffffffffffff, &(0x7f0000002500)=[{&(0x7f0000000080)=""/8, 0x8}], 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') preadv(r0, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/247, 0xf7}, {&(0x7f0000000000)=""/58, 0x3a}, {&(0x7f00000001c0)=""/73, 0x49}, {&(0x7f0000000280)=""/88, 0x58}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/87, 0x57}], 0x6, 0x0) preadv(r0, &(0x7f00000013c0), 0x1e3, 0x0) [ 724.359962] Task in /syz0 killed as a result of limit of /syz0 [ 724.372941] memory: usage 307200kB, limit 307200kB, failcnt 3839 04:50:48 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) r4 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) [ 724.400307] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 724.415711] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 724.441330] Memory cgroup stats for /syz0: cache:0KB rss:231836KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:231892KB inactive_file:0KB active_file:0KB unevictable:0KB [ 724.479280] Memory cgroup out of memory: Kill process 8808 (syz-executor.0) score 1113 or sacrifice child [ 724.494152] Killed process 8808 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 724.622755] SELinux: ebitmap: truncated map [ 724.629122] SELinux: failed to load policy 04:50:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x81, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001580)=[{{&(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, 0x0}}], 0x1, 0x100, &(0x7f0000001600)={0x0, 0x989680}) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000001740)={{0x0}, &(0x7f0000001700), 0x20}, 0x20) sysinfo(&(0x7f0000000000)=""/22) openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000054c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0a803a15a60b3c09fb5f733668225334976e28f9f11e3941c9158cb25b782a0a0eb612001f3aec29f6ea73a2be13ce7dd5fc33262aa72b8484a6a54d1f163efea5757b592c41edba1e5171e0dc64eaccd523c7591e593b986eb18acf05784424e494140a191a007f9edaa201d86321dc1bc42055a0d8fe4d691c06406a11337f4ff05d52627f4d37979ed50502d94c4cad01c64316773670f21f433c020ce9b88e"], 0xa1) socket$vsock_dgram(0x28, 0x2, 0x0) connect$vsock_stream(r0, &(0x7f0000001780)={0x28, 0x0, 0x0, @host}, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r1 = socket$inet(0x10, 0x2, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00\xeej\x01\x0f\'@\x00', @ifru_flags}) [ 724.707237] net_ratelimit: 10 callbacks suppressed [ 724.707246] protocol 88fb is buggy, dev hsr_slave_0 [ 724.717879] protocol 88fb is buggy, dev hsr_slave_1 [ 724.723245] protocol 88fb is buggy, dev hsr_slave_0 [ 724.728357] protocol 88fb is buggy, dev hsr_slave_1 04:50:49 executing program 4: creat(&(0x7f0000000040)='./file0\x00', 0x334) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet(0x2, 0x5, 0xf6eb) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = syz_open_dev$dspn(&(0x7f0000000080), 0x2, 0x2) ioctl$int_in(r4, 0x208008008010500c, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r4, &(0x7f00000003c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="d00000b2e9b70600", @ANYRES16=r5, @ANYBLOB="20002abd7000fedbdf250c00000060000200080002004e2400000800070057f90000080009000400000008000900bb000000080002004e22000008000b000200000014000100ff01000000000000000000000000000108000600010100000800070091ff00"], 0x3}, 0x1, 0x0, 0x0, 0x200000c1}, 0x0) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xbc, r5, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip_vti0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x81}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x10001}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ifb0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x100000000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8b9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}]}, 0xbc}}, 0x8000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) 04:50:49 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x26}}, 0xc) socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) 04:50:49 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r3 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:50:49 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x80, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000300)={0x1, 0x7, [@dev={[], 0x2b}, @random="1f107c90b255", @broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @local, @remote, @dev={[], 0x18}]}) accept$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) connect(r6, &(0x7f0000000280)=@nl=@proc={0x10, 0x0, 0x25dfdbfd, 0x1000000}, 0x80) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000340)=0x1ff, 0x4) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000380)=r6) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r11, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r12 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r13 = dup3(r12, r11, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r14, r13, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r14}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x5a03dc44333680c3, 0x0, &(0x7f00000003c0), &(0x7f0000000440)='syzkaller\x00', 0x1000, 0x92, &(0x7f0000000480)=""/146, 0x60780, 0x0, [], r14, 0x7, r1, 0x8, &(0x7f0000000540)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x5, 0x2, 0x9}, 0x10}, 0x70) sendmsg$can_bcm(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x1d, r4}, 0x10, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x1186, 0x8, {r7, r8/1000+10000}, {0x0, 0x7530}, {0x3, 0xffffffffffffffff, 0x8, 0x7}, 0x1, @can={{0x3, 0x4, 0x8000, 0x7fffffff}, 0x4, 0x2, 0x0, 0x0, "25d3654b0bf395c8"}}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) getsockname$inet6(r0, 0x0, &(0x7f00000000c0)) 04:50:49 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b10000005f3f000000000000000000"], 0x38) [ 724.838568] SELinux: ebitmap: truncated map [ 724.844144] SELinux: failed to load policy 04:50:49 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000440)) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[]}}, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) syz_genetlink_get_family_id$tipc(&(0x7f0000000540)='TIPC\x00') ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000780)={0x40, {{0x2, 0x4e24, @broadcast}}, {{0x2, 0x0, @multicast2}}}, 0x108) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$VFIO_GET_API_VERSION(r0, 0x3b64) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:50:49 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r2 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:50:49 executing program 2: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={r2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x2, 0x1, 0x820e, 0x9, 0x747, 0x1, 0x3, 0x2, r2}, &(0x7f0000001380)=0x20) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) write$vnet(r4, &(0x7f0000001300)={0x1, {&(0x7f0000000080)=""/65, 0x41, &(0x7f0000000300)=""/4096, 0x1, 0x5a08859cfb29825d}}, 0x68) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x5, 0x0) socketpair$unix(0x1, 0x80000000003, 0x0, &(0x7f0000000000)={0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) sendmmsg(r5, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@ll={0x11, 0x2, r6, 0x1, 0x4, 0x6, @remote}, 0x80, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 04:50:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000004001d00bfa30000000000000703000000feffff7a0af0fbf8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000200065040400010004bc0404000001007d60b704000000fe00000000850000002a000000b700060000000000950000000000000000000000000024bc49251437e8db1f5d121c1133f0bf569b11acd30ebeb0ec2ebc9ca43f1483cef0ede90ddeca42e2fb7c2b26fe4af6f8b6fc55625d82252b65bce401e2ae0a549a6c68e7685cdb5bb43cdf609ab90aed7ab59040be35d99f3cf4c20539470241b5727436db54ad6b2c9f3af8ce33df06509aac6954f2515b56bf37f4df7c0f362ec574c592b715bd544dd68d7c4ce198ca14e1aeb767c730ae784d4472fea5cf8083572cd970207ea8f5fcf25f221b798de85d807670374dbcbb69fd6f10e9e8cf1dde2edd528cf6cd6959ce2f670e1e7423b256ae88f008219e7b374b1737d9d3f378"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) socketpair$unix(0x1, 0x8000000000005, 0x0, &(0x7f0000000180)) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x111801, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x6) socket$nl_generic(0x10, 0x3, 0x10) 04:50:49 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b20000005f3f000000000000000000"], 0x38) 04:50:49 executing program 5: setrlimit(0x10000000002, &(0x7f0000000000)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000011000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000001000/0x2000)=nil, &(0x7f0000008000/0xa000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f000000f000/0x4000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000010000/0x3000)=nil, 0x0}, 0x68) 04:50:49 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:50:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000280), 0x4) llistxattr(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000003100)={0x0, 0xfffffffffffffffa}) pipe2(0x0, 0x80000) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 725.136919] SELinux: ebitmap: truncated map [ 725.148516] SELinux: failed to load policy 04:50:49 executing program 4: r0 = socket(0x3dfcf2dfc47f94a1, 0xa, 0x8) write(r0, &(0x7f0000000000)="1f0000000b06ff54c02f333096fd4e00"/31, 0x1f) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r2, 0x5386, &(0x7f0000000080)) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) write$P9_RFLUSH(r2, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7) ioctl$TIOCGWINSZ(r2, 0x5413, &(0x7f00000000c0)) 04:50:49 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f00000013c0)='/dev/admmidi#\x00', 0x200, 0x10000) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001400)='/dev/autofs\x00', 0x80, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000001440)={0x0, r1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0xc0000101, 0x0, 0x48], [0x3a]}) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$CAPI_GET_FLAGS(r7, 0x80044323, &(0x7f0000001380)) r8 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001340)={r8, 0x0, 0x86, 0x9f, &(0x7f0000000000)="7160be21a460af3867ce6baae3f6725b1ef4c6058ce80379708f8830b25001a3ce6baac7c128aedf3d974bf63250a2b312a28bf96bbe315a2e6a850c102f290e7098b17ca2ac5a28dd6276afcb2a0c21f7964cf1f46c866b2148a88a9f677a6841839cf1db3f194526059e8e71ddcf6df5e46ca820b8fe9bf77a48e2a232456adde56aa8845c", &(0x7f0000000140)=""/159, 0x8000, 0x0, 0xfc, 0x1000, &(0x7f0000000240)="2e2abdfd1d2fbb926f91c774d9d4826ef13022a419c0fdaf210a96c9f5a6b2020217e53ca46dd4a5df58a176ecbc56f814931d1159ece6daae7a6bbb6df0704f50ec92797d2b005303da448198e1a70d741eb60358d1a3a11c3659742d30aa0ec566c79f84db242340b7c016521e269976839b438fb5578294ab26e1aab3dabee88f6983ecc41249410116da3ba174a3e8f6206dc2d6fae2af9c53ff75d0beaac706ee766a52899f9f3d106631b48d41c2e1b086c4c7bbdbd4633e9c028a21d2139a6667ee63fb79a256078f31f60d132d3bf1387ec231129f12a4f90eea85258dd00740e4c2c1decdef10f24b92ce71c4fee06998a9f41f74d2b920", &(0x7f0000000340)="779a69b3ca080848b633f7186b17d8d54208a89c99011e4cbca45943eae0d039454ba1a943b53482bb38577e0437c18ee23bbd93a85201048947b962545e7842fc07316b4dcc91f02be5a04a37f6e54eebeae34cc5ada7ddc8a6c4de67570d247dd7a5f008b3e0515a9e46eed13c44ce16383485677576535c226a6667fae77f95443198a2d33ba42743516b95c670c8fc40536155ba57c26b8aeb3dffa047cef01320109dd559f7639f83c0af84e0484e06526a4055e042fad0a8cd959985e120762ba91b520be436c7e3e5b92374eadff3b7fa15a056326624854d7aea4fead319b924f5b1ee51b9435162a69cdc5630ec4ef8b520225a0cd4ff40b2a55d345a6b30bd12c4c7137a2b8501e22f67b4cbf43d150df2e66abe65ff22248d0e6e2134fc1523052266f44643c1bd532253d63727e1c388db392149aa344d712ca6fb8b5b759244497b4c6be9eca8bf3c5daca48b8d94416c59a04c9bf2ba3581e27d16a8e069f569394d5a6d39b73cda7b16aef94a09c9b08f73653510e478ef47d02d1d702ad54a1c33b5c4e0532451e093296243f18eb91553a2ae0cd88636c019e8d2cdde80baabc545cf6cd6e04855420eca23696f79fa1499f8f8ede02fee0eb5cef2ef1c790482b190be1fb3c01f57a4126e38d1a98e78e2edc4906cfd32d36f5c3be6dab39f73683b60881c5ff3d3c93926e6cbabd101559651d8775b871d37dac46307aac1f94ae4657167339ef63b1cb782d97fa3e7dd6a21046d5039c8655aa40471ee5f0d146d8e531b9a219b5d263493e636350606eb3ccfa8d847e0a63e67c5854aba06115a9c80df409e6afa6cc50e3c3968f01e250ae3c4d9b4f8155856959c89238d98650709930ac4ea26b242e1874225dea79d581987761fc7b7573cff3e4b6cc8cae43947a507d1838ec1c6c22cd9d363ec18183fcb664de7c595af10837ee4fbf3ede603bed522abfc34987a855d83528a2337c4e305c52ce8fed2d649c0d3995a88ca3532ae4527423b3567666fd626ec18f8b907335663883cb4417475d0d2ca4e838a0034f97326d0b1f53e9c1e2a5ea63a01d0ea5006f3dad7fb40c30e70851546d5b8bfa98d6fa11b1a434aa491a2187afff748531521e438098ebdb66acbc223447857302d7f6070455aa355839262e879a3056d3b54811be68237ef79576991d9acfe09342f9ff388e7e0578f05510c42dd149a099bb87e89d550b394752008394a79a5a8362b65497b0748898cba8a9417012cf9e73bd64704ee366c22685aab3bdb4c57ee991bc5db776cb572ff31aa734c035cdf03540a0ca8253f4dd9c0d87c2913f2725229f07ddd1f3197e6a81c84a0523853dd9d8de3bfabddc0c3db739e5f1b732532089c87d83339ce6b6c42247a7f7245b2650ab182a28beacd6b1d0ae7c680c6cc2e43fb89c97380d6260ac1c04de246f3ae31afe96164facb7c1a49252c5fd1164346743ad7a8697e032604a7ce5e5c6191379347cc562260382dc017a0f7288f1d09b21c36985890539042ab2b9f89bb474af8fa16bdbef3ea04d996d937747b68e69153394410a9410934331b400ff402fb32a9d9a2746bc374757c0ad626523b5809783891fe9625758a84410b03db2fd637db155df71b0ea52e399d891f1ccfbc7d3af43d575f38038483bbf395565ea00f967d7e0f0f8011ea12b7fdc8a41190447498446557bc84b13022294ac8e8c67aa06ab8969eef3b26498a78eb95bf25d0099d527a18dd62e9be26d2cb613247e8f3a1fe1d07b3124af5fd0d340b7591e384e58fa3030c378358cf8c1575dcb1c1e085bc6067dae5dfe36b4917de6e338f323ceb87328f601f0f51155ea3ed8d0648d4323134b336d549ce109991c8f7a7696eb96e1b1a3f60177b2934ddd1917f83ee00e6dc1b53c43b1e516f3bb085e617257564f9f4baee299dcc124b76a8aaa0c4be5a577ff9c9ddc18be22a0e4645d73a7cbaee6bbabcc9922cbb5e5bc916bfe3035422db9dcdbab1c16b73208a798c5fa7bfdf94b1ab9c74f10b3b0252f36cb34ca7e938e5018eb7ea9289de4681672583cf1c515d25851b52b6472de7e0f7090d656d9107fd57d95854b01264cec22af6722133073c534272b4c1ddc3130775c0bbd5c4183d3615156be6270ebe54a914fe4fb2275e4d52dc118816813a09c4326863db8961974b42de3f66598fe1111ca208835e85311cbf27b56c52f23b0ffcaf63a52ebf3a837647674074653a82a29d9d77d7b054bc13c3ff9c7a794af55987da382527279741f56220cc1b48f66fd70de6dc14111e64451d6d5f6f487b1f40e1133ddf1b886ee35691ebe281492e3c5e7e84a0973c1dec7361a18d112d5ddcf21c2bd25dc0babbd8680de54c573c93a7b21d48f8593b7cb3bd1884904a1d9ba9e36d4884d4e96c732293a62db1c4f5e8f26d191dcec6df958411ef5a0999ef9290c7da305b42a4f1a03760188808a48be31b8b3e62dc338487493fe31f211181c66241d9dd628e847d5afe0744cc20f4d8499bf929ab6cca8737a43cd3b9237e609c39154b1b8023195bf6d24e298a25e78db984c1950bc705e0faf999a8bb9243aaa810aa0755e6da3c5b908e89148cc58fece50d4ed87aae286807399faa50b0c1cdad62f01f399180ff5ed9985c9412bc7df7b3acb6d114e2aca00557d6b1f2c5bf805b3642b351fd92ab340351d041334d3030e612d0e39834b6b37a62f09553ce6fa8d6afb56a080bfccb9c78f7327c424d86f5988d6ae891d34d3e19aefa7759674ac9772c38a42fa905ae168f63d197e551e634e31bcc346beb0c1b75e2bb4adaa9b0f0eddbc9e82ad6c3885a4d4d906c5c16a000bbb6f6441cdc2a7f28b1d63dffce50540e00d69f8bde00a63271ffb6cbe89d90d671c7b253ecb558dadad753e4bc354a11089ec9c0a2d675dc862155680163ae0af952ffdfb4971c2ce5e492dc16461d2cd3a324f00ccaee9a80fdea825fc832a9ed43d051495fd9a503c602fb793400886c7d111b38ef5c780e0e208a737936bacb89c39142fc381d7453c83992ec1d2aa3c3bebda85f591078f7dc4082ebaf054338a2a7e366f7fe006ed0a7784d524449d3b7595118dac846a88b836cd54b2fe35300555277b01c5aa4da8e7b57b95985318742254bff8b0f8877cb8fe7e48ca8ecabc9468f2acd43ec1f53343dc6cffe4d7d99286b99f9835387f89523528f69db1587b3b6a48620aa512718ef090da0034e81af83dd9d71a930797b810e6c939120bd2688e4147af6d39f385bbf247d9e787649d5a8c5f3f8a519c351ba5c0063a863b035673cb7b67d970cf303e56b12db07833f7a38b824476f109acd666cb7c245028d9050dc5adb4c11e3458da8f5889d713e372240fdf0ae6744bc372ca950ca3eb74ff9b124593c0a969291b09dd8ec1c67e4c6d6f8145e4459f1fe249d5d67783ba304b889a2e39569c6eb61d4c62cbc6f2c87ebe67c1e80f2fb7aac500d5604a2c89b95f40b7ba3a566cb2f422c99b2e7896c9a515886454c6c9b052636de19d73ec54b8fe4ad0e4338e11f5320ae1b16d15e1a741d066504205f04b501f8fc1800edc8f3fb5da84b8e5b9a65a7b2ffabe821c86d3146c0a559f19f74518c9a5e7e54f6d8f4f9f0a8bab29c3c97ced4b5ebb5ab5f47bad41c778b58e88a8591beb76310cea1560ab02d84442b3a6cec0a83b4cc241293380daeb9dbaf2eb83203682b0ef52316c064a9ce3c0b42a146a9bf02509225c3e9a1bab6545a487453c91811f994e2ade3b255c4d5f669f3a1b394d51b068d5ba0b9a18ce4b07d8c843894c9aa69d42aa46185c5a1498d693167d52402a30c01abc812b42f3225108b96142f4deee1f653807a68f8be6b4545601ad7aab67e7ef5d95f3155f2d36f95eb04fdbf638aea736277105fc4e4de3e73e8b7bd27cf6799bd497c1ac1fb04141215d1ccea1c9554b8496932bb0e5210d6e0469553766732f37b71ae9bbafa29afc742c6a2fbac9e79fedf2226b777d89ae98ddd6ea484e0d535629f4705dd5efe832fa2cbb37bf79aec75d9d681b2f02bb83bb697c7377a5c40965f5ab2ee229090a35f1e4c2b82411b4fbd2a30dd3c0fa0d9d53e6f9f98ced13c5f5cc868292abd3af823325e1fa9c53754cdd09149fb8f0c0a9fada6fe9d0e56287d59192808f04b8c989e994ea39e0d9ebfb701ccfe704cedf2d9e5c572c7f17c648e90f6c1b8b17eddf01de5f055bba9b7cf964fc2b8552d3e9c483a10b7a7114889aafc955acbfc03f28915886b10cf2edff0d779b1dbf6d4c2ce4464619caebc2b5d1ae277a141600a65d05fa9aa50e1edb873409a01b849099c874f33f5ba401212f5d872763aa0cf190c99bfaab4db346de1b31c62941e2941f90b1404065905d14e175f341dc21cb3c718b754b6c0f620f42f5c9da3c0d1198018faf02adace7dcbf019802eb2f46f8208b8dafb070db2990bb2591090640cd0dc32bac40eb6cb3cba6396b2ca38604852816e78f62b9c1e15e0699a40de067a96341e1fdf526250015fa0dbabf5b7572c21538162e94524acbdbd709f2cd6a6fd5d7abccc78ea04342a7f421109994a6e4004fdbe05d439b6c40844a4a1dabf9fa7a915f12c236068d4b1e90feb80fb90d58d9d7b3b2a5e916b75d2895e9242b71450c14dbb63286b425c45cbff6630ca2902e53c255cc4ef0679454d61b52de314d8dc76f1784e8770e8f09a3f5d1d02b72bb4258558730faf1c2db81fc4f36ccb159d874bca58e5b1dcc51e099ca4701b74c8eb38434437ce1d5bec29b5711194d215b2c40a330a012988c05525d2c9822dac392dde54ac37aed3a5192763fe796676b6013662614e78fc0c3d0385cfbc55e07b858e6525484105574e18357db521b67ed48a9aa14482344dbbd6a1670c0df5a091428e083d1638a2e26f1497c281ae34500cd6b54f1ddbbccaaf17c14c1aa4edaab4f9a50e00bdb1b1a1681baaa061c5262ffff7f0bd2c7602c08384d6fc76e683751ff074de5196b5ea1e09e6fd0bf69464324eddf80d7022ad36e0c4b20f794e876299b8304e1eb0c4d9f8bca66774cc1c1e7da18457356b47a6829ebd90ac0c403b06dd9d268de3796dd5a9c9743dd082edcedbab1f1f41354c5f7d9a437d78234309c1a7b087ed4e01050dc931f3485225bcd80f7d6652fa151bbce5b3026b384acd0cb972925cdc7505bf3c6dbe4c22b6c623714fa2be26c023a82d42ab23e3e97ec3e297264d360e9ad3c2aee54cd4a5c45a6603210a1631edd16ce1ac9fc9baf73ee84306673bee9b5836e8c31e5d33a7896bc82d116577cc71bd89bbe6ea17890e60ad3fc89b8b4a7b11285bb8e66f5d3cc1caf511f9f4e98a23978d614544df608afd0a7c7d57b7a3f5dbc948d4777e904f8a464e0c16405d6860f53cb910ef0b4d973a46c9aa935b817f876353bc8d18fa4157b8fa3219fcb9646c4805d2e286e628f80f2ae64d2cb4afbcd06da80fb8c6ad110dde0a42624644af672e145943ae347eb284ed60af3ee8fee0a08e86660672afee1e192b08f20657500d422b361e5ddf1b7fde29f4985ba47bb9c0bbb6fc54b2ef7adf2d317361f217c03266e2502a6f67b2928b3846b58d757cc99b5a8801a0c2f1a72a0f9cade629910b74e2b6522dd67c27c5bfe61fa6b6d2d3bb21c7a8982b390470c8047016a272096a565c10e2547563f133e8748af1494b65020a6deb434e6a479f5c8caee91d0cb79f4118190e4777a90a40a26b17fce6896294d8b8e01de464c598966c0bd7dcb495c8f26db562"}, 0x40) 04:50:49 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:49 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b30000005f3f000000000000000000"], 0x38) 04:50:49 executing program 2: r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x81) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue={0x81, {0x81, 0x1f}}}], 0x30) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 04:50:49 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x3f59eafb4b4b32ee, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 725.405481] SELinux: ebitmap: truncated map 04:50:49 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = memfd_create(&(0x7f0000000080)='\x01\x00\xb9?NP\x81\ns\x04\xe1\xc4\x96\xc9Vo\x04O,\xf2\x19-`\xa5\xc3&\xb7\xe0\xe69\x8f{37r3\xa7\x90u\xe7\x96\xa7!\xb27xw\xfc\xe5x:\xa7\b\x90\xeb\xca\xe9\x0fLW\xe8\xf08\xa5H\xc7S\xbc\xf9\x0e=\xd1\xda\x1b\xd2\\\xb9\x94\x8b\x04\x00\x00\x00\x00\x00\x00\x006\x16\xd2;\xf9\x05\xa6~\xd1\x05@y\x918\xf9\xf9\xa8(H\x12~\xc4\xf3\x8b\x1b_', 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x17642c4) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0xfffffe4b}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x102002700) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) getsockopt$nfc_llcp(r5, 0x118, 0x42d9e06366fff8b3, &(0x7f0000000000)=""/120, 0x78) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x1c9c380}}, 0x0) gettid() tkill(0x0, 0x0) [ 725.487793] SELinux: failed to load policy 04:50:49 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b40000005f3f000000000000000000"], 0x38) 04:50:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sysinfo(&(0x7f0000000000)=""/47) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x276, 0x0, 0x0, 0xfffffe3d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x73, 0x0, 0x0, 0xfffffdb0) connect$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) accept(0xffffffffffffffff, &(0x7f0000000040)=@ethernet={0x0, @local}, &(0x7f00000000c0)=0x80) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) [ 725.677174] protocol 88fb is buggy, dev hsr_slave_0 [ 725.682443] protocol 88fb is buggy, dev hsr_slave_1 [ 725.693457] SELinux: ebitmap: truncated map 04:50:50 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b50000005f3f000000000000000000"], 0x38) 04:50:50 executing program 2: socket$xdp(0x2c, 0x3, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) getsockopt$XDP_MMAP_OFFSETS(r3, 0x11b, 0x8, 0x0, &(0x7f0000000000)=0xff64) [ 725.779171] SELinux: failed to load policy 04:50:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) [ 725.827584] protocol 88fb is buggy, dev hsr_slave_0 [ 725.832900] protocol 88fb is buggy, dev hsr_slave_1 04:50:50 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) pread64(0xffffffffffffffff, 0x0, 0x360, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000140)={r1, 0xe9, 0x3, 0xc99e, 0x7fffffff, 0x6}, &(0x7f0000000200)=0x14) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) connect$ax25(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000785000), 0x34a) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [], {}, [{}, {}]}, 0x34, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000500}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) 04:50:50 executing program 4: syz_emit_ethernet(0x13de, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c2890302910006008100190086dd6076605113a03afffe80034300050dff00000000000000ffff0200000000000000000000000000012c1b00000000000004013701040000000005025a65c8cee1743d43ba5b2d73b76b6317b44676e6ebfe83224f8d05d1a290baadbef7a869128a2255e2a3f3e33f49ac00000000000000d0275405a336cd232b347a7223a85618fa689a2b65ca21831f49ea8fdc0c6357d61693e2da761118d0ee354f69f76b6d07f0b56dfa01dd25209aef89c3d693fd6fbc9115edac7f00a08f42ca0d1070ad76b2cc0ff71e28aa6919dff8859a405e161534ae1af3c544533e9977d1ccf1318ff15a7989b56138c4bfb8174d66c52c32d7e42bf9099271e624e7e82b544bd4fbabb5a5e2963c0a744c02d60000000012000200000000fe880000000000000000000000000001000000000000000000000000000000016a1fc883de74f41a336566796f850f40ff0100000000000000000000000000017d9bbc5ed6a620dd773b73096857c43e00000000000000000000000000000000ff01000000000000000000000000000100000000000000000000ffffe000000100000000000000000000ffffac1414aa161100000000000007180000000004000008040000000000000009000000000000000300470bcd70cbba61ca4f0dc413149d7d5236cc36903fc5662f8641a0b6b3ec83527ba6158c9514089f02462838b9b7d89ab1f94b27602557ddfbcd21ae75c5997b2670a7457c00276ff0493d076c7ac3a7b910101ab7f81cb55c020d3eecd6055b2b5ca0598c833cd2f0b111ea3b9e220e567e53de385c4317c48d784613028cbe274b147945c9339ba584b3c4ac55638d468c52d41aef90ca0ac1d1e1d0d634e41d497ebed694e3bb434131032f5ecaef72e91451d09a067ecc9c25da4c47fbda97ed8ffb3837175938136781049f301d48a89caa4d5113ba8d3c0cc57deed202964c50895277bb26b5bd1217897b2282bb9b91a0a2c43768f917c2a27e94a7ef7724c24745469770b602c8829540fd4f05f10bfe3fad2f9f0d0a68f287cc09e069eb12ac762bc4e951d6cfa688557c3dff3a9ebef6a89f2bf5e5e91c1cf8018e2e0e085dae727827044fd3c4e542e8c5afa0e3caeed21921d78a75a3d28efde2f0a39fec271a50f3cbefe5e7b4feefd64a60ac0951f7f144c3a61f0bec19c443a9450716b5cb59b2d456a365f293032c4d6a15218ab677aa4d7294aae3d400cca72585d76f5a4ea6df3f70ebd5961b8822b7c14f8bc7c673ad9dbbbab990968faf2a0061b795c73955b0c81fe3dfb8e1fe7ed6ba50840c1205edb84a1840a9a5694a7ef3ec1b59788c949837c31596812121eb2b095c45ffdf1f4cc462f3854fc213a43d0bc18cba466d0bdcd5e3fa215ffc3403fcbc5c7fdb407f643ff417a370e3684772481586644b590c9f99371ae3f66f7c88f337772bd07d500dac7a4e2efce18566148118395ab9171771c7f10c3dce7e97f1a4344706c0064303742fd17d11af8550ae692f9c9e894150e034ae2734dfb28e49d7356ca698d338506a7c5fed411e5997f38aecdfd8c3c5b37505182a8c0e2a9df4af9122b12567f38b790025a67bb9dcb7403ccf8c10aaa9ec7d5dc2dbf146e4c3104ed3c89ab625be88f659dc9eed0d020938befaac8bc6cef6db226f9ddf2c13f81b84831fb196b8b164a07bcef031bb1e98e27ce564395d76690ef8f9b3cb9fe0c2bfed18884011227b222ce2f738d76474d7114058566c485823d0be910feef86c3a1315949243c2840370115f4c0c8db5988603a3c27010d7fb719bce66347fc1f44319ed353ee807cc2f2e35e9bf9c84499d7d7a30fbfd38acbf613f16cf8513c52e625a361089554640527921dc7c505cb4efa973988e25564a314a20c1d3ab0a76779bad05132eed507650a51a1de3e9bd858dd87409fcd1c554e28445531bdbb433ada454baea5b1351bdcb80bf9e643bd3fdf2692f4c8e22896c5d7ca468572080dc9a8ed4325bb1b13ba690cd6145c40c5e5d44ca75101e1f48331519be0417ad81e26a33e96e259cea49423482d2fb2e6d232a639538a1477616b7938ef33123c4a3aa484bff29801c6b8cef6b898560c626fbccdc0cb9bb922238391c099e4a95091f8b2b37dbb2bd10e5a948f046251b824b8edac5ad157ba9caff7ad0f2fe8f375ba7d4ec92f3bcef5260891e3a43f90c82024afa527ef1488efda745d657c3e83cd7d21ca6e1c03b4ad281d021ae3d9bb674c84a5ee4c35c8923ee99723b54f5cda52ebe8e6415418f3e5c9e42eea36b2b5620db679ea44c87a083f86bd6bee7928c206d99b6601f53c4ea0c80e97ab4645afdeecf43233bdc3044ee00a4029990f3709d6f573893915b57f6a1f7b5484027a86aab1c2e9b94d2ebbbddb8974a3c1d8e3ac3935d3da07d54caad6c2e77e7835e757c5039dff9d35733f76321f99d2b883bb35b242d56f3631a03dccdb121070a27f06f64df7cdbc234243c8585aef226b8aba6c9942b71f717b62a116300faae9bd4bbdfd008002dcc10f8bcd434af2f55939d4737c862e2f7b55638ecadc5b5cce545be5bcf14207637c3840a2ffe2577dd4ab7c8ad02d4b8852fae2f3094faa3da38f0ae33b60c94e6b640815d3b78385bbd30cfea3ebc749c16fec406a4a1a05a5ccb4ac15133a0b82f24e253322250099d8764e90bea2075e506b9e5ca38e0cfd8cd2fa46789196fdb208a3dbaa13e404964ffb72c8cf8deaa179b27b649bbceba77f9673d66cd6d3ca4bb5c6f14f8e0fbc149b877bca9406a910c5339ee538fa518a290bb5909fd5b108231d2de71c73a1bba9e98379207f4558b28eabaabc520b8a0d2be4a839adf765c865362bcd92c16f5acde2087408299ca50240244d7f3d9dfade9750fc5380c7b97e968d437be0521b3feca5656141b7afae235f9c4de4d01b14b4b3b9ea5d7fee97fd70b0ade326f6cf002ca1b38cdbb5ccbd6559749d5577ba753ba01398b0f3700254ed667fbcf650faf732c4d5a6cdb903393164c1eaa4b706de4b13ca7e59e2c75cffbe615619050c17839cd4390b7e6dfc18f1317012637abc7ac76d7fe0504ff2304a6ed23a6c6ff3432a0e4405674d720e3fc0738c4dba8bc11a7cf117c4a7c96854848e93c70277fff52239874a7880aefc56b677ac8d9f2780f75dd2fc0aeb5ea75f7eae28738360a8ee57e99872a02fdb44afb29b5ec7a5028b7832ebe0ed907c7aac89899fe3fd8cdd6e8de5fc6d83530795d02b4227bf3aff4fef55fe524709dfff55cbfca8c1c77b912c0059b2bc0370af12d705af0e82c1bea4021b44eb2e12d260d6fc3e25d839872fdc4b585fc039761f9e1c39d147f39c769f79f92346852d58548b70000d66d3b3f8c94c3950d2f5db15cc506ab19fb1f21a8767952721b33cac2a83168bc6ca50a1509bf86c394183649d6f02669fed78b5ac018b13e46ce0ebb1d62082ed312773e60bd53d4912cdf1b621532f7a788e2f6ce33eb2dbe586c6594d7e1f4fb0234cd541a1eea3154d45de60c86b837edd1557660d71f6ad2f19337b412024c307e6e01f719ea2c2477db65e34da5b59bc85455e47af71b8761f723281f0b842698279f0a9b517f228441da69d0e4210fd632ee6cf0d8c135b60cb17e8c75e0c6dd6727203f2b3c982ceec6bfe1a7a0a3cd6ccabce3610ac93cb10a396644b26e4dfcfae164a78e0b4795b0457c28d3bc75419ba95fdbb181d708a6fbaa8f1723303d2e5e98566edda8ae4235675e0e36230f299e7793d885b4c6773f008e4ef5e300f5782a9ebd57d27099a61ae89478b0e948782b77c55e24aa4df229f4255aa261b058618696c27561751e9b943e0b139c8c37244ea3f63b8e8e8f628c638219158ae5800ad809c9da49461488d9992fa99c4f01334cc2a595d61fdac948efd4b0160673ef2090099d5be42aea0152357e91059e070dd2ea760f988432e60b109f7439e08130e0630ab434d0ef1c017115bd2552e33abc92abc1dabbf47d96b75e3dde325b3f3bfd8ffe2a8d025210868b1d119537151f1f6525d04dc726392af76ec8702e5c347e282c5a621ec7e02d5cd502a80f6f26a546d488135310b21b3b19d1dad838b435fa8499aa9e8e0d8216619ffc984bcb9c733b5ead2071cf3cbe3bead6818506f50eb6606c1b798e16984ea75957c5cbc79552f72ab25a913c666f447cc3d9bf3fe847617162bb8e5142f4c4c1b35c1c0a2cacecf509cf7d98a760214453ac555201943aa85eab842a8f8edc589b3ea2cb710bb103802de4ae38682313954c830b7b85fc89d9a1d44995c8c744babd2e4b26ff6312fefc7990963be5d92f34eced4d8b428f2bbac802dfd360679fda9c45f8e29528cbf151cfc62fdb1084380f1a79b84792f3e14eeb2dbf15fd9c2d31cf3544112dd932d17e888337fbc25c8cfa854972760363ee8d80dbe8bf8cb5be2ca1514c66e7455f07cc6670532832f46880afa56d3463e7e50aa809a99b0eeec0e778100f8b656b74a936a1ca383078ba62321d064ec43e3b067b1f4be04bc2b700481da41e8ac68b1079b34fe8620c6077dbce1ffd6fd0d2d80fce202d45b0c8e5e3f2f18885eccc7fa08c3b2f9005cb4d62144b033ff28dc146d7b51cd8601bca4195c9f7538e852007b87b16f310136518259997f9decef7b1949ad9f3712d586daff0ae334335faed2a4edb7d3290c1459bf751090f151dcd5f347d25707b7cddeecef2aed3de8cc5536a3fa8a3768e3ef61d026521fa6c15300f5c46dda4f0989311dbe2b6fe013333041e2d36ce2b196ffb2f2b684f0f8d213e099547030a1dcda45d0f738d02babc6aef6c19c9e0d6213b82e9b674c5f1b9548ee4c59f295a6a99eacb1a4622e8da64e8d70c7ebe120512629becf792bbccd9e0574fdddf3380e42c88ee36aacfeb4da815c9ebe45baa3b6cffb722611321c2bf0e085235ffee212fb08b0ceca9eaa758e17aab4c7f8e917f9508022e1f9d2586fb2d7806ac1034bdd37cb1c8ac1c593a22ce6ed12aadb042866926d4c7611040e1baa5655c42d8f42835443d3b2e577398335975badf11ac3c84852adfafdeabf7885f3cae3aa4c6cea1b7753f11b3e0d2787110b7864c7977d9636c691defa8e27415813f41774be61459639029c65ce052582aed216cb2af2c4bc7c978edc14c785ccd8e2c6ef8a8bcfe8bf5675072f583958e4cacf95f2611536162225b448cb111ab76feed2dd3b87ca4a1013d8d9dff3e5771ec5e7b38b6470537e6779219a641c3d03fdf453319747ac9b78e356d52d52651a983481b156f12938f770367416b3c30c19280cc068488d26649f4b3778802db6c2385169595b4f65285b547a162235c8f19f6eb0ab239d0e9d655feb58fab23b35ff8fb0e832ce8f8fca4fcdaceb6eecfcb3b08117aa0871749734d423181347b4047c5fb0d540c5b5c9c2461193c68ab689799090426b61ade6fb0c2d5c251f93ee3b95b63fd4df42e8b41ed43b2a5807da007fcf96b25e433e2b9f5d92ea6d9d87029b40b0bf72a02b9cd0eabc6d9decf9ff6e52638f118536bf3dd39a268857d7808bedacbeb29e476e27100727d1a9fa733049e18b4cd6204e8023f4fa19300524ece2492d5b05e836a41efd6ea83c8403136b77b383b04a4c9e8d15b33cb6e0bad8329019c07c0247d705df2f3f60693bba9182acffd7fe31c3021415e6b447b3741cc754227f52eb953a0e26d7456ee9f5cb77e8f5b3b5cc1c66074296ff1b4e2e39c6d05a9ca2da5dc94c22b08dfe7e732b9521835a1116ee8bf2a612a3bcaf22b738ec14ad7587b9f78317056aaf0d2d1e8b63eb3b43d17cfad98caf92bfea09b3723c4dca1d99c29c882d286b611606b241019a62f515ab0bf6d5f56c2040a2ed1c1cc3624159d5e5b35717fce01a56ef246394f9e9bed268365a6ea8a0c247c0f06e8cfc34af3521ae8dc0c4c4c19bf341add9e0ab6ee5482b7f8ca94168096710735a4754478fe837f9119dee766a831b4bb9c0c3fd6c36bddf85635776c7cfe81f326fc511c26b56087a1c417c8ac0e1e69ed7ab6a812ffa99fed552ca40f0a7a4c2b420b952edb973f4b991834b4e56d777fb4922ef7aa12cfcbf08fa5e761ef6406ed5503038a30b409b424ce575e652594df37807a02e66baf51fbfd57444ce190390853d924efecf3aa07d176b445f40b3f8acf04a2539e94dbc0866885de08c469fcdf7af30927e4f0170852d4070d9a31a08f2bd4ec35317eb220e3980c08164b2c2c2967ae3c2a92cb1685ce58d816a97158cedf90b0b1c693fdb3c3fea295ecc3fc0663eb110e82231628a3c621c63e740cc9146be11af006a77dbd810f0b2a4ba431062837766a9c13790196ec69872f3a512c2a596a89089b71b428dfbe56da07200000040106f8ff01070000000000000003000000000000008a0d0000000000000710000000000200010151750000000000000401960738000000050c017123010000000000000008000000000000000100010000000000529e000000000000e707000000000000ed2a000300000000000000ff0c000000000000193ee6153944202bc240ef1d781899d3faa5c0d9b1d8c7d77c23ee00f5151866e4d935b042aa28b914eb53c9d877f584f6891390a2af6e2511d00050e65ba299c20400000005040100c910fe8000000000000000000000000000aac20400000040010200000000003c14000000000000003e5d84fc649f657ffa7a75cae43bcecc117e248d95879daa276c2f778eb8ee787e5a4300d0e7303046d41aa86c999dbf5c928443483ea42b3251338c09bd54045f7d4658541520a14b5c64bdf3a72891540f960a280390180e03572b15d9e140fbc6eccb0e789ec4dd56c027b9c7dcf335e65ec13add0eb617c1e7e89c616ea7860ce3339ee71cae8fce3e8c6b0984140c5acdf449a3972d0b6475217c68f088000000000000009d0604030620fdff000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000860590780007080060c5961e000000000304000028000000180300000500000111050000000000000000000000000001"], 0x0) [ 725.937637] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 725.993021] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 726.013912] CPU: 0 PID: 18629 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 726.021231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.030724] Call Trace: [ 726.033497] dump_stack+0x172/0x1f0 [ 726.037154] dump_header+0x15e/0xa55 [ 726.041677] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 726.047014] ? ___ratelimit+0x60/0x595 [ 726.051014] ? do_raw_spin_unlock+0x57/0x270 [ 726.056053] oom_kill_process.cold+0x10/0x6ef [ 726.060668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.061038] overlayfs: conflicting lowerdir path [ 726.066498] ? task_will_free_mem+0x139/0x6e0 [ 726.066513] ? find_held_lock+0x35/0x130 [ 726.066535] out_of_memory+0x936/0x12d0 [ 726.066552] ? lock_downgrade+0x810/0x810 [ 726.066570] ? oom_killer_disable+0x280/0x280 [ 726.066584] ? find_held_lock+0x35/0x130 [ 726.066608] mem_cgroup_out_of_memory+0x1d2/0x240 [ 726.081357] ? memcg_event_wake+0x230/0x230 [ 726.089531] ? do_raw_spin_unlock+0x57/0x270 [ 726.089548] ? _raw_spin_unlock+0x2d/0x50 [ 726.089564] try_charge+0xef7/0x1480 [ 726.089579] ? find_held_lock+0x35/0x130 [ 726.089600] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 726.098174] ? get_mem_cgroup_from_mm+0x139/0x320 [ 726.098191] ? find_held_lock+0x35/0x130 [ 726.098208] ? get_mem_cgroup_from_mm+0x139/0x320 [ 726.119834] memcg_kmem_charge_memcg+0x7c/0x130 [ 726.119851] ? memcg_kmem_put_cache+0xb0/0xb0 [ 726.152798] ? get_mem_cgroup_from_mm+0x156/0x320 [ 726.158342] memcg_kmem_charge+0x136/0x370 [ 726.162667] __alloc_pages_nodemask+0x3c3/0x750 [ 726.167337] ? __alloc_pages_slowpath+0x2870/0x2870 [ 726.172598] ? lockdep_hardirqs_on+0x415/0x5d0 [ 726.177202] ? trace_hardirqs_on+0x67/0x220 [ 726.181633] ? kasan_check_read+0x11/0x20 [ 726.185853] copy_process.part.0+0x3e0/0x7a30 [ 726.190532] ? mark_held_locks+0x100/0x100 [ 726.194777] ? __might_fault+0x12b/0x1e0 [ 726.199003] ? __cleanup_sighand+0x70/0x70 [ 726.203240] ? lock_downgrade+0x810/0x810 [ 726.207606] _do_fork+0x257/0xfd0 [ 726.211065] ? fork_idle+0x1d0/0x1d0 [ 726.214901] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 726.219746] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 726.224504] ? do_syscall_64+0x26/0x620 [ 726.228473] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.233874] ? do_syscall_64+0x26/0x620 [ 726.238142] __x64_sys_clone+0xbf/0x150 [ 726.242234] do_syscall_64+0xfd/0x620 [ 726.246154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.251394] RIP: 0033:0x459a09 [ 726.254748] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 726.276671] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 726.285564] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 726.294477] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 726.303880] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 726.312699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 726.320786] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 726.356784] Task in /syz0 killed as a result of limit of /syz0 [ 726.370861] overlayfs: workdir and upperdir must reside under the same mount [ 726.381657] memory: usage 307200kB, limit 307200kB, failcnt 3860 [ 726.407454] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 726.415398] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:50:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) [ 726.437542] Memory cgroup stats for /syz0: cache:0KB rss:231852KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:231916KB inactive_file:0KB active_file:0KB unevictable:0KB 04:50:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) writev(r1, &(0x7f0000000000), 0x1000000000000285) write$binfmt_aout(r0, &(0x7f00000005c0)={{0x108}, "", [[], [], [], [], []]}, 0x520) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) 04:50:50 executing program 4: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r1) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) setxattr$security_evm(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "26aa8bc375ece42e8e3ca26415089357b3f93cd8"}, 0x15, 0x0) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) bind$unix(r3, &(0x7f0000000040)=@abs={0x2, 0x0, 0x4e24}, 0x6e) socket$vsock_dgram(0x28, 0x2, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r4, &(0x7f0000000600)="f36d25374f71bb69e23a8c5b8364574964bcf83fb269eb434b32ba44fed19e4d58b331bf1b38f9b1498ad29712b1cd688f223837c5ebec2df955bcad7a1f12c4754541edc2ad05625a6c85b68ee2f76b0c53b4779d5107e71ea5101beb788d0f800f4a45c40aef234b4a78bccf2b436ed67d6db779de0292389b6bdd30fcdee9293a79405186bf1e180800da4a84c41857b3c6ded6f88c0a6e40288fe560835378ca26edb825bf75e7ccf353b42b403c7077b5d1ecf0acbbd6db18ae10c3ec93663d0000000000000000000005da6e74983fa4b8eb6caac53f20b20abd48990d231e52916f26bf4dcaf00549440f7ac380f366d5e64f8a522e33a0d7a5f174d42fd55b305d493c4d3dab19183dda49b0139df76e69716aa39f8ddc71769fd2947091690000000000006f6d480ae140555052229181860ae35c5e780e621ad87f6c8dbbc92e73682f0018", &(0x7f0000000140)=""/233}, 0x3ba) 04:50:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$inet6(0xa, 0x2, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) [ 726.515013] Memory cgroup out of memory: Kill process 18610 (syz-executor.0) score 1113 or sacrifice child 04:50:51 executing program 1: setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000040)=0x1000, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x1c, 0x0, 0xb, 0xffffffffffffffef, 0x0, 0x0, {}, [@typed={0x8, 0x1, @u32}]}, 0x19}}, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x3) [ 726.630864] Killed process 18610 (syz-executor.0) total-vm:72844kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 726.632888] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18652 comm=syz-executor.2 04:50:51 executing program 4: 04:50:51 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 726.772555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18658 comm=syz-executor.2 [ 726.791959] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 726.803489] protocol 88fb is buggy, dev hsr_slave_0 [ 726.803539] protocol 88fb is buggy, dev hsr_slave_1 [ 726.847187] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 726.873643] CPU: 1 PID: 18628 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 726.880649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.890205] Call Trace: [ 726.892834] dump_stack+0x172/0x1f0 [ 726.896576] dump_header+0x15e/0xa55 [ 726.900412] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 726.905890] ? ___ratelimit+0x60/0x595 [ 726.909798] ? do_raw_spin_unlock+0x57/0x270 [ 726.914384] oom_kill_process.cold+0x10/0x6ef [ 726.918917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.924838] ? task_will_free_mem+0x139/0x6e0 [ 726.929847] out_of_memory+0x936/0x12d0 [ 726.933877] ? oom_killer_disable+0x280/0x280 [ 726.938487] ? find_held_lock+0x35/0x130 [ 726.942845] mem_cgroup_out_of_memory+0x1d2/0x240 [ 726.947744] ? memcg_event_wake+0x230/0x230 [ 726.952221] ? do_raw_spin_unlock+0x57/0x270 [ 726.957053] ? _raw_spin_unlock+0x2d/0x50 [ 726.961238] try_charge+0xc4e/0x1480 [ 726.964978] ? find_held_lock+0x35/0x130 [ 726.969169] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 726.974317] ? kasan_check_read+0x11/0x20 [ 726.978833] ? get_mem_cgroup_from_mm+0x156/0x320 [ 726.983887] mem_cgroup_try_charge+0x259/0x6b0 [ 726.988599] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 726.993915] __handle_mm_fault+0x1e50/0x3f80 [ 726.998357] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 727.003514] ? count_memcg_event_mm+0x2b1/0x4d0 [ 727.008536] handle_mm_fault+0x1b5/0x690 [ 727.013056] __do_page_fault+0x62a/0xe90 [ 727.017152] ? vmalloc_fault+0x740/0x740 [ 727.021555] ? trace_hardirqs_off_caller+0x65/0x220 [ 727.026845] ? trace_hardirqs_on_caller+0x6a/0x220 [ 727.032023] ? page_fault+0x8/0x30 [ 727.035648] do_page_fault+0x71/0x57d [ 727.039625] ? page_fault+0x8/0x30 [ 727.043212] page_fault+0x1e/0x30 [ 727.046772] RIP: 0033:0x45c3bd [ 727.049987] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 727.068958] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00010202 [ 727.074698] RAX: ffffffffffffffea RBX: 00007f5e2cafa700 RCX: 00007f5e2cafa700 [ 727.082171] RDX: 00000000003d0f00 RSI: 00007f5e2caf9db0 RDI: 0000000000410740 [ 727.089556] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa9d0 R09: 00007f5e2cafa700 [ 727.097021] R10: 00007f5e2caf9dc0 R11: 0000000000000246 R12: 0000000000000000 [ 727.104757] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 727.181917] Task in /syz0 killed as a result of limit of /syz0 [ 727.197237] memory: usage 304832kB, limit 307200kB, failcnt 3860 [ 727.227178] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 727.253665] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 727.265656] Memory cgroup stats for /syz0: cache:0KB rss:229764KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 727.292054] Memory cgroup out of memory: Kill process 8829 (syz-executor.0) score 1113 or sacrifice child [ 727.302233] Killed process 8829 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 727.380667] SELinux: ebitmap: truncated map [ 727.385265] SELinux: failed to load policy [ 727.419218] SELinux: ebitmap: truncated map [ 727.425147] SELinux: failed to load policy 04:50:51 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b60000005f3f000000000000000000"], 0x38) 04:50:51 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000001c0)={0x53, 0x0, 0x2b5, 0x0, @scatter={0x34, 0xc1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/193, 0xc1}]}, &(0x7f0000001280), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc070d3f500000000}) syz_mount_image$ntfs(&(0x7f0000000280)='ntfs\x00', &(0x7f00000002c0)='./bus\x00', 0x0, 0x391, &(0x7f0000000300)=[{&(0x7f00000003c0)="fb", 0x1, 0xc11}], 0x400, &(0x7f0000000480)={[{@fmask={'fmask'}}, {@fmask={'fmask'}}, {@fmask={'fmask'}}, {@errors_continue='errors=continue'}, {@errors_recover='errors=recover'}, {@errors_remount='errors=remount-ro'}, {@mft_zone_multiplier={'mft_zone_multiplier'}}, {@dmask={'dmask'}}], [{@smackfsroot={'smackfsroot', 0x3d, 'syz'}}, {@appraise_type='appraise_type=imasig'}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@obj_role={'obj_role', 0x3d, 'keyring\x00'}}, {@dont_hash='dont_hash'}, {@obj_role={'obj_role', 0x3d, 'wlan1vboxnet0GPL^md5sum:'}}]}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000180)={0x100000000, 0x5, 0x10001, 0xedc, 0x5}, 0x14) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x1, @loopback}}, 0x1e) ioctl$VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000040)={0x20, 0x1, 0x7, 0x1, 0x81}) 04:50:51 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:51 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x109040) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x4) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) ftruncate(r1, 0xffffffffffffffff) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) setitimer(0x0, &(0x7f0000000080)={{r2, r3/1000+30000}, {0x77359400}}, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xce) 04:50:51 executing program 1: r0 = socket(0x10, 0x3, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) ioctl$SIOCRSGCAUSE(r0, 0x89e0, &(0x7f0000000080)) dup2(r1, r0) write(r0, &(0x7f0000000240)="260000001100473dab09ff0000000000000015e1210000005c61da123ebe7876050003002fc9f93b054db139e491a623c1b33bfb1bfe4b0ba763900ae463326ac4ed5a5e28f1ce5e095d3cf578d118c61d9c5c50f9fe8751bb69a9b3de26ba59936987585b9df69571cbaf4ce0e701ca911be830ddb2284d9b9ebe6699a2ce7889bc392e16179b10403fbeb0596b9895d74be80d79a7fab481467adb2fd8be92942c19074c16b9f92dd26c38b52dad26a066e397086cc6fee815938feb90ff3bc40521ffd572f0eb1beb7fce4149c22dfc33e85da97ca9a18431ca1a9d6a855a000051580ac6d10691176b5ec9b63cb5f8b4d524b766898db32233e3a3", 0x494) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000000c0)=0x1, 0x4) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r3) 04:50:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = getpid() perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'nr0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', r7}) sendmmsg(r3, &(0x7f0000003040), 0x244, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000100)={'filter\x00'}, &(0x7f0000000180)=0x44) [ 727.655041] SELinux: ebitmap: truncated map 04:50:52 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:52 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000340)=""/246) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000004) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r6, 0xfffffffffffffffa, 0x9, 0x2, 0x4, 0xec7}, &(0x7f0000000080)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f00000000c0)={r7, 0xffffffffffffff80}, 0x8) ioctl$PPPIOCSMAXCID(r1, 0x40047440, &(0x7f0000000100)) [ 727.747776] SELinux: failed to load policy 04:50:52 executing program 4: openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) io_setup(0x200000000ffffd, &(0x7f0000000080)) 04:50:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b70000005f3f000000000000000000"], 0x38) 04:50:52 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 727.899797] SELinux: ebitmap: truncated map 04:50:52 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000200)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) recvmmsg(r2, &(0x7f00000034c0)=[{{&(0x7f0000000140)=@xdp, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000600)=""/232}, {&(0x7f0000000700)=""/159}, {&(0x7f0000000000)=""/44}]}, 0x8}, {{&(0x7f00000007c0)=@tipc=@id, 0x0, &(0x7f0000000300)=[{&(0x7f0000000840)=""/113}, {&(0x7f0000000240)}]}}, {{&(0x7f00000008c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000940)=""/65}, {&(0x7f00000009c0)=""/218}, {&(0x7f0000000ac0)=""/4096}, {&(0x7f0000001ac0)=""/185}], 0x0, &(0x7f0000001bc0)=""/7}, 0x9}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001c00)=""/125}, {&(0x7f0000001c80)=""/206}], 0x0, &(0x7f0000001dc0)=""/42}, 0x4}, {{&(0x7f0000001e00)=@nfc_llcp, 0x0, &(0x7f0000001f00)=[{&(0x7f0000001e80)=""/103}], 0x0, &(0x7f0000001f40)=""/154}, 0x10000}, {{&(0x7f0000002000)=@generic, 0x0, &(0x7f00000022c0)=[{&(0x7f0000002080)=""/9}, {&(0x7f00000020c0)=""/117}, {&(0x7f0000002140)=""/32}, {&(0x7f0000002180)=""/143}, {&(0x7f0000003800)=""/4096}, {&(0x7f0000004800)=""/4096}, {&(0x7f0000002240)=""/92}], 0x0, &(0x7f0000002340)=""/32}, 0x141f}], 0x1, 0x40010103, &(0x7f0000003700)={0x77359400}) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) recvmmsg(r4, &(0x7f0000002640)=[{{&(0x7f0000000040)=@pppoe, 0x80, &(0x7f0000002480)=[{&(0x7f0000000240)=""/158, 0x9e}, {&(0x7f00000000c0)=""/59, 0x3b}, {&(0x7f0000000340)=""/177, 0xb1}, {&(0x7f0000000400)=""/200, 0xc8}, {&(0x7f0000000100)=""/33, 0x21}, {&(0x7f0000000500)=""/14, 0xe}, {&(0x7f0000000540)=""/140, 0x8c}, {&(0x7f0000002380)=""/70, 0x46}, {&(0x7f0000002400)=""/123, 0x7b}], 0x9, &(0x7f0000002540)=""/251, 0xfb}, 0x2}], 0x1, 0x0, &(0x7f0000002680)={0x0, 0x989680}) socket$bt_rfcomm(0x1f, 0x1, 0x3) 04:50:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b80000005f3f000000000000000000"], 0x38) [ 727.941569] SELinux: failed to load policy 04:50:52 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000340)=0x1, 0x4) recvmmsg(r0, &(0x7f00000022c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x132, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x100000001, 0x0) 04:50:52 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40104593, &(0x7f0000000080)={0x8001, 0x0, 0x0, 0x0, "954e8000000000000000000000000000000029000000000000001e00"}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x800, 0x0) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000180)=""/46) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/sctp\x00') ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000100)) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000040)={0x1, 0x0, 0x0}) [ 728.062318] SELinux: ebitmap: truncated map 04:50:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/sockstat\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r2, r1) 04:50:52 executing program 3: capset(0x0, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 728.097893] SELinux: failed to load policy 04:50:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500b90000005f3f000000000000000000"], 0x38) 04:50:52 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x20, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x371308f14d87e3e2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000100)={0x8001001, 0x1ff}) poll(&(0x7f00000010c0)=[{r0}], 0x1, 0x0) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r4, 0xc0385650, &(0x7f0000000240)={{0x2, @name="2c00b98495b8dd64187d9d08b5bfbfc5bf9244c7902f845e0d50956cb14c27ce"}, 0x8, 0x0, 0x4}) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$TCSETX(r7, 0x5433, &(0x7f00000001c0)={0x0, 0xfffffffffffffffc, [0xffffffff80000001, 0x1, 0x4, 0xffffffff, 0x4], 0x2}) r8 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) syz_open_pts(r8, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x22400, 0xe3f40ef29a2989f7) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) 04:50:52 executing program 3: capset(0x0, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = timerfd_create(0x0, 0x0) splice(r2, &(0x7f0000000040)=0x4, r1, 0x0, 0x800100000200002, 0x0) [ 728.271202] SELinux: ebitmap: truncated map 04:50:52 executing program 4: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40000, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x1}) [ 728.306661] SELinux: failed to load policy 04:50:52 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x80000000000000bd) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_open_procfs(0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmmsg(r1, &(0x7f00000018c0), 0x4000000000002ed, 0x0, 0x0) close(r1) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x8080, 0x0) accept4(r0, 0x0, 0x0, 0x0) close(r1) 04:50:52 executing program 3: capset(0x0, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:52 executing program 4: futex(&(0x7f0000000280), 0x4, 0x1, &(0x7f00000002c0)={0x0, 0x1c9c380}, &(0x7f0000000000), 0x1) r0 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x80000000, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000140)={0x6, 0x8, 0x71, 0xfff, 0x2, 0x5441}) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) fsetxattr$security_smack_entry(r1, &(0x7f0000000080)='security.SMACK64\x00', &(0x7f00000000c0)='md5sum\x00', 0x7, 0x6) 04:50:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ba0000005f3f000000000000000000"], 0x38) 04:50:52 executing program 2: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000180)="bfaf", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000140)="02", 0x1, 0xfffffffffffffffd) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$sock_bt_cmtp_CMTPCONNADD(r3, 0x400443c8, &(0x7f0000000040)={r5, 0x9}) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r0, r1, r0}, 0x0, 0x0, 0x0) 04:50:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500bb0000005f3f000000000000000000"], 0x38) 04:50:52 executing program 3: capset(&(0x7f0000000000), &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 728.529541] SELinux: ebitmap: truncated map [ 728.552978] SELinux: failed to load policy 04:50:53 executing program 4: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x8001, 0x20200) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000140)={r1, 0xffffffffffffffff, 0x1000000}) socket(0x40000000015, 0x5, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x80, 0x0) getsockopt(r2, 0x0, 0x9, &(0x7f0000000080)=""/13, &(0x7f00000000c0)=0xd) 04:50:53 executing program 2: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d0400ff7e28000000020a43ba5d806055b6fdd80b40000000140001000029ec2400020c1af34645fd5d74245e", 0x46}], 0x1}, 0x80) 04:50:53 executing program 3: capset(&(0x7f0000000000), &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 728.699706] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 728.783170] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 728.799380] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 728.812192] CPU: 0 PID: 18776 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 728.820222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.829684] Call Trace: [ 728.833661] dump_stack+0x172/0x1f0 [ 728.837325] dump_header+0x15e/0xa55 [ 728.841065] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 728.846378] ? ___ratelimit+0x60/0x595 [ 728.850291] ? do_raw_spin_unlock+0x57/0x270 [ 728.854892] oom_kill_process.cold+0x10/0x6ef [ 728.859417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 728.864982] ? task_will_free_mem+0x139/0x6e0 [ 728.869641] out_of_memory+0x936/0x12d0 [ 728.869660] ? lock_downgrade+0x810/0x810 [ 728.869678] ? oom_killer_disable+0x280/0x280 [ 728.869691] ? find_held_lock+0x35/0x130 [ 728.869721] mem_cgroup_out_of_memory+0x1d2/0x240 [ 728.878506] ? memcg_event_wake+0x230/0x230 [ 728.878531] ? do_raw_spin_unlock+0x57/0x270 [ 728.878547] ? _raw_spin_unlock+0x2d/0x50 [ 728.878563] try_charge+0xef7/0x1480 [ 728.878579] ? find_held_lock+0x35/0x130 [ 728.878598] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 728.918059] ? kasan_check_read+0x11/0x20 [ 728.922417] ? get_mem_cgroup_from_mm+0x156/0x320 [ 728.927388] mem_cgroup_try_charge+0x259/0x6b0 [ 728.932008] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 728.937286] wp_page_copy+0x430/0x16a0 [ 728.941466] ? pmd_pfn+0x1d0/0x1d0 [ 728.945585] ? kasan_check_read+0x11/0x20 [ 728.949775] ? do_raw_spin_unlock+0x57/0x270 [ 728.954372] do_wp_page+0x57d/0x10b0 [ 728.958346] ? lock_acquire+0x16f/0x3f0 [ 728.962955] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 728.967830] ? kasan_check_write+0x14/0x20 [ 728.972388] ? do_raw_spin_lock+0xc8/0x240 [ 728.976714] __handle_mm_fault+0x2305/0x3f80 [ 728.981158] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 728.986273] ? count_memcg_event_mm+0x2b1/0x4d0 [ 728.991074] handle_mm_fault+0x1b5/0x690 [ 728.995686] __do_page_fault+0x62a/0xe90 [ 728.999870] ? vmalloc_fault+0x740/0x740 [ 729.004143] ? trace_hardirqs_off_caller+0x65/0x220 [ 729.009358] ? trace_hardirqs_on_caller+0x6a/0x220 [ 729.014688] ? page_fault+0x8/0x30 [ 729.018265] do_page_fault+0x71/0x57d [ 729.022456] ? page_fault+0x8/0x30 [ 729.026019] page_fault+0x1e/0x30 [ 729.029639] RIP: 0033:0x40eba8 [ 729.033001] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 729.052658] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 729.058315] RAX: 000000001d87aad1 RBX: 0000000057e637cd RCX: 0000001b30a20000 [ 729.066098] RDX: 0000000000000000 RSI: 0000000000000ad1 RDI: ffffffff1d87aad1 [ 729.073582] RBP: 0000000000000001 R08: 000000001d87aad1 R09: 000000001d87aad5 04:50:53 executing program 3: capset(&(0x7f0000000000), &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:53 executing program 4: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x200001000008912, &(0x7f0000000040)="11dca5055e0bcfe47bf070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SMI(r3, 0xaeb7) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140)}, 0x0, 0x9f8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2) [ 729.081167] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 [ 729.088642] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000001 [ 729.099110] Task in /syz0 killed as a result of limit of /syz0 [ 729.107458] memory: usage 307200kB, limit 307200kB, failcnt 3888 [ 729.114578] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 729.162411] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 729.191616] Memory cgroup stats for /syz0: cache:0KB rss:231788KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:231880KB inactive_file:0KB active_file:0KB unevictable:0KB [ 729.268632] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x40000005 [ 729.275498] Memory cgroup out of memory: Kill process 8894 (syz-executor.0) score 1113 or sacrifice child [ 729.303549] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x40000006 04:50:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x8000000000000802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xd) write(r0, &(0x7f00000001c0)="006c6cca68bc1f8a6690e9c0c2352cfe9179702f800e614322acb3881911acb0dabb9e14578745b80bbc0e017389a34f94b78100f61ec5b12b557b284001350bf40f1e5fbaa9c9269801df799c4e3fdecaa093a126ade82f4824ee425e92aa9faa3df6696d55b5f3803e77b68926ba1035f760cf43910f6b1bd06c07f73920a3c10b902507b235634f4461c4ad8477dc2654c916a1e1bb62ef85f661a947910983d6118e00000000009e091c89b578f9ca61d3aabba71250c754310c733ac675ebb2ea1ea64bdc2cd7d4167eb84ab3701ebacdc4aa15662d8b41833136e3b04c12aa704a11f1f79b1329c96d6f6671d05390", 0x62) ioctl$TIOCOUTQ(r0, 0x541b, &(0x7f0000000000)) 04:50:53 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:53 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r1, &(0x7f0000000180)=@objname={'system_u:object_r:dhcpd_initrc_exec_t:s0', 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023', 0x20, 0xffffffffffff7fff, 0x20, './bus\x00'}, 0x72) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) io_setup(0x59, &(0x7f0000000780)) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) pipe(&(0x7f0000000800)) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) syz_open_dev$audion(&(0x7f0000000a40)='/dev/audio#\x00', 0x2, 0x20000) r6 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r6, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r6, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/mixer\x00', 0x80, 0x0) r7 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r7, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r9 = dup2(r8, r8) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) r10 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r10, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) [ 729.323064] Killed process 8894 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 729.323756] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x40000007 04:50:53 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 729.419852] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x40000008 [ 729.422275] SELinux: ebitmap: truncated map [ 729.442247] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x40000009 [ 729.453644] SELinux: failed to load policy 04:50:53 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500bc0000005f3f000000000000000000"], 0x38) [ 729.479045] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x4000000a [ 729.507662] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x4000000b 04:50:53 executing program 2: socket$inet_smc(0x2b, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0x1201000000003618) setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000180)=""/92) 04:50:53 executing program 1: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001040)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000000)={0x0, 0xb, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, @planes=0x0, 0x4}) 04:50:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 729.527321] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x4000000c [ 729.546003] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x4000000d [ 729.558464] kvm [18796]: vcpu0, guest rIP: 0xc5 Hyper-V unhandled rdmsr: 0x4000000e 04:50:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 729.713635] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 729.792581] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 729.801717] CPU: 0 PID: 18816 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 729.808949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.818456] Call Trace: [ 729.821067] dump_stack+0x172/0x1f0 [ 729.824901] dump_header+0x15e/0xa55 [ 729.829025] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 729.834164] ? ___ratelimit+0x60/0x595 [ 729.838195] ? do_raw_spin_unlock+0x57/0x270 [ 729.842989] oom_kill_process.cold+0x10/0x6ef [ 729.847651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.853218] ? task_will_free_mem+0x139/0x6e0 [ 729.857748] out_of_memory+0x936/0x12d0 [ 729.861769] ? lock_downgrade+0x810/0x810 [ 729.866093] ? oom_killer_disable+0x280/0x280 [ 729.870617] ? find_held_lock+0x35/0x130 [ 729.874803] mem_cgroup_out_of_memory+0x1d2/0x240 [ 729.879741] ? memcg_event_wake+0x230/0x230 [ 729.884084] ? do_raw_spin_unlock+0x57/0x270 [ 729.888524] ? _raw_spin_unlock+0x2d/0x50 [ 729.892694] try_charge+0xef7/0x1480 [ 729.896527] ? find_held_lock+0x35/0x130 [ 729.900613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 729.905640] ? kasan_check_read+0x11/0x20 [ 729.909939] ? get_mem_cgroup_from_mm+0x156/0x320 [ 729.914987] mem_cgroup_try_charge+0x259/0x6b0 [ 729.920212] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 729.925157] wp_page_copy+0x430/0x16a0 [ 729.929053] ? pmd_pfn+0x1d0/0x1d0 [ 729.932606] ? kasan_check_read+0x11/0x20 [ 729.936757] ? do_raw_spin_unlock+0x57/0x270 [ 729.941254] do_wp_page+0x57d/0x10b0 [ 729.944965] ? lock_acquire+0x16f/0x3f0 [ 729.948980] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 729.953659] ? kasan_check_write+0x14/0x20 [ 729.957892] ? do_raw_spin_lock+0xc8/0x240 [ 729.962130] __handle_mm_fault+0x2305/0x3f80 [ 729.966578] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 729.971435] ? count_memcg_event_mm+0x2b1/0x4d0 [ 729.976162] handle_mm_fault+0x1b5/0x690 [ 729.980484] __do_page_fault+0x62a/0xe90 [ 729.984607] ? vmalloc_fault+0x740/0x740 [ 729.988762] ? trace_hardirqs_off_caller+0x65/0x220 [ 729.993999] ? trace_hardirqs_on_caller+0x6a/0x220 [ 729.998976] ? page_fault+0x8/0x30 [ 730.002523] do_page_fault+0x71/0x57d [ 730.006325] ? page_fault+0x8/0x30 [ 730.009933] page_fault+0x1e/0x30 [ 730.013591] RIP: 0033:0x40eba8 [ 730.016869] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 730.036203] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 730.041564] RAX: 000000001d87aad1 RBX: 0000000057e637cd RCX: 0000001b30a20000 [ 730.048920] RDX: 0000000000000000 RSI: 0000000000000ad1 RDI: ffffffff1d87aad1 [ 730.056204] RBP: 0000000000000001 R08: 000000001d87aad1 R09: 000000001d87aad5 [ 730.063473] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 [ 730.070742] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000001 [ 730.078281] net_ratelimit: 11 callbacks suppressed [ 730.078286] protocol 88fb is buggy, dev hsr_slave_0 [ 730.087232] protocol 88fb is buggy, dev hsr_slave_0 04:50:54 executing program 4: r0 = socket(0x10, 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$netlink(0x10, 0x3, 0x4000000000000004) writev(r1, &(0x7f0000000040)=[{&(0x7f0000001880)="580000001400192340834b80040d8c5603067fffffff81000000000000dca870410cc00000cf64009400058915509da8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0xfea9}], 0x1) 04:50:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7b, 0x5, [0x17b], [0xc1]}) 04:50:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 730.088914] protocol 88fb is buggy, dev hsr_slave_1 [ 730.094128] protocol 88fb is buggy, dev hsr_slave_1 04:50:54 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0xfffffd1e, 0x0, 0x229}}], 0x0, 0x0, 0x0) flock(r0, 0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getpeername$llc(r2, &(0x7f0000000200)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000240)=0x10) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000040)) r3 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x7ff, 0x80200) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000100), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) sendmsg$nl_netfilter(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x0, 0xb, 0xffffffffffffffff, 0x0, 0x0, {}, [@typed={0x8, 0x1, @fd=r4}, @typed={0xc, 0x2, @u64}]}, 0x28}}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') preadv(r5, &(0x7f00000017c0), 0x333, 0x0) close(r0) [ 730.167257] Task in /syz0 killed as a result of limit of /syz0 [ 730.179130] memory: usage 307200kB, limit 307200kB, failcnt 3935 [ 730.220561] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 730.250836] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:50:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r4, 0xb, 0x1, 0x8, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}, 0x20) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xffffffffffffff7c}, 0x0, 0x8) r5 = getpid() rt_tgsigqueueinfo(r5, r2, 0x1f, &(0x7f0000000000)) r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) accept4$inet(r1, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10, 0x800) read(r6, &(0x7f0000481000)=""/128, 0x20481080) [ 730.281929] Memory cgroup stats for /syz0: cache:0KB rss:231772KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:231880KB inactive_file:0KB active_file:0KB unevictable:0KB [ 730.305125] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 04:50:54 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f00000000c0)=r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r4, 0x0) chown(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) [ 730.375350] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 730.584731] Memory cgroup out of memory: Kill process 9260 (syz-executor.0) score 1113 or sacrifice child [ 730.595773] Killed process 9260 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:50:55 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500bd0000005f3f000000000000000000"], 0x38) 04:50:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x7) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000000)={0x3f74, 0x81, 0x8001, 0x6, 0x9, 0xfff, 0x5, 0x8000, 0x59e2, 0x9, 0x800, 0x8, 0xffffffff, 0x31c5, &(0x7f00000001c0)=""/236, 0x0, 0x1, 0x8001}) ioctl$TIOCSLCKTRMIOS(r0, 0x8924, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x1, 0x0) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000140)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000225bd7000fddcdf250400000008000200e7ffffff0800020000080000080003000500000008000600080000f8ffffffffffffff00080006000000000008000300090000001400010000000000000000000000000000000001080006000000000008000500d556cd47"], 0x70}, 0x1, 0x0, 0x0, 0x65a5e781b62308a3}, 0x24000) 04:50:55 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 730.729107] SELinux: ebitmap: truncated map [ 730.744176] SELinux: failed to load policy 04:50:55 executing program 2: syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf24cb08948dd944e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f}, 0x200000800, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, &(0x7f0000000140)) socket$inet(0x10, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x1) syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x800000, 0x10) syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f00000003c0)={'filter\x00', 0x1000, "7371f1460c15c742279c3cd33c89687bdde79aa68f64c82e4090903f49d02927dddd89348205177d91445796a035ba47c643442b4554166bf302ab47251d25d5bdeb032d5f7a4a286e9488b7349428f71d207d94e016365bcbb70992acb8b49a6d83d737356358ebc7de38b37cb06398fbc06183588df1b0c934370b30ae1a195c467ea393ee97a333bc8490c1d716bf319427f9302400d62e66c02e0abfff4953bbd9c35f546cc2eafd6442e79a7c8a2a01dbf993c564ce92833091ef8a466b61588107539aed07cd9f8919cc2453af05a5ce021ab03b95ce49ab8d5fd6c0999a52af6c7fb5a9852032bdef94904be30c514316d8de8f482c2d34eb3258818f747368724bd211d675c2b278f516f04538204dc8e9aa8d874a2f5f6d5d1d72567a99d8af4e7074a5ea7f506c4d9d6bd3a0c0e88e6862be17c86fac6237325599644f24d29bfe693ba5028a8435e21daa5eb96e2b9bbc3b076d4bce57303e19ede54a315d1da781d0cab445e28429fc1685258f767fe1e3cda49bda3a827431872853d428a2d18e5152ac1180fcedc9cbf73879f789cbc8c9064e28bb885abe26408c97c7082285a0ebf11875eb288689d36d4a35a2596866e71d7fd032b2ac3de7e3bde056b3e3d89ac72587807f3ef52bd5d0c5260c60ac60c46005f12d7c9cfef2b04a251adb984c539c153ec2e260831ccb66665907a622cc5c9736557e5a71cf10465e61cdb340c90b9628bb3ecdecd09eb4687998b7eed26f6d660c8faa54bc598738ba278d3c7a2bd459c0aeb2b14bbff4e52194c947df648cf2141d7a39b69336f55d178ebda81c8e7f53f35f8668bc4165a8282bf4afdda1aaa9ca911c50007b4163fe62a3a91f0be099b9f7d47ff0c1c2e6d6c2605bf38fb3ae51d9f30f5a127c975f7412fb327b6f3dbbf7ca6c7e197db93c8253fdf3379e21c286b7fa66d971d4f4375e8e055d50b051db47be2077dd3f7d5057f483c42e9fc3f30daba57f99fa4530441fd0fc81954ba8fe4967156d4864ac0dd2d355359b999a3ba97964b3beaf9469e45522dd08ecad3025ebe16f26f109ff0d81a6d43e0b351c5cdf2bbbd21bf2a3870f4331b2e0a95c4cc9a40cc2305f37705afa206e269f256dd7f14e5680655778eb3b92b9bb944f23bf73387350f6d7e8078baa195a480460b73fa98fa6b5fc05cff81c3ef72acc7ccc6c1484a643bbf1934ee600e268d2efda0814767e9eeda628d2b79bee02b26918e925cfea499203167c2852ef3390ad2f3f31378bc042b0c7402d1f82f19adc9ec3753aaf28e3be5e6aadc4d62046ee3f1a18e7f5e285dd822919bccc214025260195addb61832ce6369b6a9e3725781b3e1f5f0f48049dd708ee2ab649199c2125617cc8e9cc1e595370b21d73fcd27209e6fc99b6581f53cf43fe6690d3b5a1022f7c88b5e2919fdd7c9b2f2c39c7ecf303f4c7ddfa17826dcf5bc7dea36692828523380310235742f6deefc88c1a2c1f57ef9acb275cf7db7a5f645275f633fefeaf03e02ab87ddd680f55ba86ff6de58e130c9c4974fd464d8c7add65d0c71e99b135c982589c054e9b9969fadcc32acee138e70dc687bc0a24cdce3870a34381ac2e6d715c148edf474543bf0bf050a44d5d27c3bed7703cd705a17f50a11560c600d2a0a63dba554a99bca72e1393218dc86cd0ff4cddbda1245d890330a4c24112e992637e2dd2e34de87140a16764940f7f0ba238c6cf546173b71639dd24f52170a3f82c8ab73f04aa5874af9ebcc1f0dae5ff99c9902ca9e7e07aecefc3237eecb44c56f1f005851d8b398e12d624b3e644e8eff08ece7776eb5a3ec93381451ed17edbb00c924fd48948e62b7cca547d22e01fd8d84187ee11f3309a68bc9ba89dfab22d7614faa0fcee5ae6bdad436cc47fda5be555bc86df72e1dc0c801c0ba9cb1ad28458c1963944fb82f0b5a3d850929cceb82e44f6b5c380cfecfe416f5767c1a82a31c4f33c1062f299011286e65d98a6489bdc95667f7f28c4f443340fcb49828997200901378f4aa4067bfcd86f9f59f94d756539739a2717c7d1835d644e33dea00af64c630b441b41dfff90ba3536c9c1e6ff528a2ac6364edea282221e6119bf88f120e6556b14afb663206b3959aa39319e86f63725d86be9d4984469478e664cf0d6209405d6b80603ca37766fadbc26c643b23b23c0b28536132a1e8a5a2c059dee07985e2942c94abba987c9dac3db6871ab6d48a744b4219b7c348f8bf5b583c183fd17970172f4c7f0c9f52cdca5cd559df18a62456325fe645c57f61582f64dcc66e4d1d35d17222c38e92d4b3765fdccc680a629b8b4fba8d493aca8f6d010e2e3d8be87c968cc4f423b078f8339ea6f0e60a19ce23c3e643a01b69e556395d3640d3cd0918da80c11960e047485d9c95529fcdacffe557475edf492b66f41fc9e680950aede4ae5205857ac6f4267efa78cf049af515ca449157d0f04a60b43dace149475a1605a925b381e600741c2fbb5311582560a5d258fa443f5d8cc998a58b2a1d7bad4e52127e9b2c4d6f406c55746e9a2996649654853fba59806e41a9fb8cf3190d84bf1eedebb9fbdb328e4bc534ab26c43e8343e09de6d34dd20492a09981f99203545c4bb35dd96fead73c03a15ee27411ee1bafbb2f93007e3b0c8ae162ca80eed54ea266e8b6d508c96996517f12f96fddc457b7d20c1ade3f7434afba6db941b81add4349608c4407d4b945a2f67637e7db84f012f7f274456cb0ee409a6bc19bf2056722435d576b0708e59dc3b59c3df95eed09baec9d54b45dfa0b32090f1432d1c39886c32c2cb8a674bbf06450c8d4b891b9fab53cae1408e03d095aef54b91b059a46a258a6b9fc358c8856ca9dc1cf25827623ed10da0bcad115ac5a9b71fdc1aa82f4c67c1a2208425351e2318ffc7f3a9103aff4ae09926e832549c802e093afbf72230ab51ed9672b4b3f6ad0aad67acbfa30993f96b09aed3d77d41de783a7df32b14462296f26db8dd8a7dd42b0825b3b692b34a794119b85fb78d8f7622783ce24207707a344c3fd32c78af172c0b7a74e8eabfdb2e62add91dc7b70857e6916c1b2c9e87ff1c4258c8aa0ca38ab7578cc157144c074ff7572c74a995f4cf841c19cfb911720a080b1970b635d96972023b5b8243ec70fe6792ac0ce02535987a9055f26f9754afc86584f0d5130a994f169a8a1231b48b56884795da0d55891b612b83dd70400efae9f6013006bc393e8998a87054e671917e40eb2166de012c93fa097b8cab66cf3b97abb19389ea2bead0cbf2cf62701b3e7b70ac36361000e18c3b29487745d79db2fd3d0de0063afdffbfe56337d20e4552e6280e6eed819fbfc50fed5fb831fd0ce6216d134a8db56df8c46eac419dffb26686efde19b97beaf9331bda8001c4ffe18a1cba7e21fce2bf40abc5248bc41b576ab6e9bfa259a53e0a8e9ba5950d5cd196758cc3b2b6453537a7993d789e8d66418021b5050082922a3a2e901539e6705b8f25d768cce17ecf3d1a18f560049624c146b9ff98d4c099351c07fc44d7288a01e7e37c71d3a0ed1573e8ca4a1259246c1cced9cd612ee44298170ad3409797098c7dce712d3967e717fc28b90a4d74553c92afeefa26014c8f3f3571132fbcbc15a7d678d9d9a92eac3b581268b3e43a00bcacf7753716b1d6a87ca98a058b4be289dbe2221b3ffade263a232f6357e1780691a69cc218aee8a47ceb61443e5071adbf8e407b7220482561e81ce900ca9d60b14f578e7ceaa4cb64b5ff795a2fff1819045c83201c4e2e1d82f3091b8513dcafcc4ed056b25f781b38cec9be17768cc836531047b8627322d7ebd40b1369b7d8f8d9db28a45f77c7f572b86e6733d848b84afbd344f38e47a3c85d92d3cc081a703d5bb21b7ced456e0f1bc2303bbba2e958b0effbe3f524c4fce080709253fea9105b9f0958cbb17556b6e3dbc3a89030e2ae35333aef447f7dd68c668ea9969e2a3eab72ef221698704026ddc73ecd0a713e12714bf7d1e27ef455f2558f372b6a4871fdde75a0dc033ec7eed350d246818868cb3d2c30c43e6412e1d5feea0665008c7f09d81031255f69141bb68f294e0d17fe207a22bdd682ab1c519d41b998bc081e871860f994ce7c8ab4c84b811a4a5edf5abf0ae026abb0904000faa54086cc986126cccf7f3017fb8c4ed9af8c33338d846ebd6e1ef6d82d05f82c88fb62fea77093712fbe0d421f5df76d46f19d49d5e5fc76795cf8a74d80ed5332b27d17aec5f553478453794c52ed05fc307d06784008b160c57ad2abefde154727623e8ba17803809592560c33450a43de47023846d0693edb98360591c9a812c30de964c44f292aefd865b23ef776771df97bc58ae5831a2f95016d97c6d6a1cb0a742f78483ca90b08f53cd5d2010bcc585ee5e6a8c0b33627aae3bdad1d347566ca01e24800715cd66e9f5ea470183fcde7a37b31921a7f9ab5a6a7cba48a504f5aa73d55eb36ec933fc0c427151a9341ebb559df2bc9ad79097d4761bfc0b831fb3587d76894e6b1f7931a1be21cc17f80aabe9c4afb33d7128f011df47671a4e11c3201591fb35d4649dac4876d046e8347ccd27b8d18bed7df7f0f46c5d56e88eda04ab276f3b628a76699f2b0b6d39a66dde37746509fd98d2802b953cc862f66f05c417f2a83914838b81469586f1aa1fec350ef54a1a6c0c40b3de31f07eb61b00ec5dbf64aff6addd981f30e9651dcf20bf3f28881ac31ba5867b3d2d015f8b3d0539236f2c53d293ab02e52bb0657249d0d388a8b788890d37b11666b61b6b1971d176a19036d8c4dde00e2ab9904f127c77d47e93cfc48f4439b56eb3fd7c692ca025aa5787ce474d615c863c1a69e0f37692a41859450fc538062053fc92bfabb2e077468ddcd19a7414821fc3962b89ba7f9f993cd910422471c4dfe8982cecd6f5b9dec2d459147438389a2019755be30a25f7a98e71b7e1f290c8c0a5f2dcb0f5c95498ca8cb90600f334de2adab2bd821a44668a7603f3336826bfc8ca9b2f777679b65db02b145860014b4d4adca607602b09640654010cc56168a3470f30efc96c004b732512f8169dcd15e268821d49e987f58310c3471264517d24552774502cdfe1fc0549730d94855006431190d089eb51b3e82d8909146a8cf271ea3cbe098abcd9a175a5969a4a8861ad6f9afa01f94373560a10dcb0f5d541a52b655ad9b7bf4be6c6094d1b1cabd49acfa975c131043ba16a1203c923aeedab842711f7d5a6751071fd8c1ea2572ebaef155b157258aeb4e1da71322df816229f77e6798f172011d621504f07abb15e94c0a104393f9ea1c9793dd30df56838baac3e1203fbffd36116114c1e6ea8af67888651290ed688c49910b68d5ba163f118a18376084897c00b2b62d2a98d7a5e6cf89f79d83d07822e9681d46b52ecd7ebebd4b8b5bc7d2447e4f9ee25daffe0bcdd4764013fdf7269d09567d1c109c7bd7fc46fe194ae1c2070b8c22fa498ca2171e8ff600d813211d604038b242e45b9c9e51d76e30a8da47ab32456c2016734471a05cb70b7d366145ca54b74cf6cd44ae0bfc6db9286f375fa80269470cda3702de56d35b713e31aac9649b11dce3ec5d9a3c4af3e9685d2793b7d8fc1343ceeaa70d2de2636e8b3a779bbd8f02180b591fe47368eb30c84117130648df70e0bb64e0e6b59c734d55dcb70d851744f2828d2708cf00e5fa5483cfee8eedb6ec4876703b137d9917a0ddece1a6b8feedf043e0aa95"}, &(0x7f0000000100)=0x1024) 04:50:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x79) r1 = accept$alg(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000002c0), 0xfefe) sendfile(r1, r2, &(0x7f0000000240), 0x8000) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) setsockopt$bt_hci_HCI_FILTER(r4, 0x0, 0x2, &(0x7f00000000c0)={0x4, 0x401, 0x100000000, 0x1}, 0x10) setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x20, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x2, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x76b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="020900090200000000000000000000000021475a2adeaf3e4301889c91de072b67845e1a9daa204ac1c96c47fbea02d3869fceed860e6c97da3254b1cad7cb694664a56d53e150ce9f992673000000000000007e434dd334c740ed6ecaf67bf3626c2c892ad223dc94781e84c8fcae4547822f088407759a41d340000000000000000ac96fc9a04eccb11adc59ba6fafdeac32445119ada8afd12dbc2b805c5339be4c202b0ff1deb2ff5a1e89cdcebcf887eb6fb7c751de4eecbb6aaa3a4b1905e66f705b295da1e63bfe4f1b3574709269ef61022262e27d0ffc687633d226c14c829140a53e5cc3dc31da8a0ed1dbd75d2973dc204acbb4a381ef7c9c30d285184299e4d73752e04fc336f23939842101638a704c4030d40c4cb7683f771fe3f11274f5d0ff9c9b5297de5a2ad9ff1668c62218381c8894803f7a651867"], 0x10}}, 0x0) [ 730.806353] sp0: Synchronizing with TNC 04:50:55 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 730.912534] SELinux: ebitmap: truncated map [ 730.943715] sp0: Synchronizing with TNC 04:50:55 executing program 1: r0 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) connect(r0, &(0x7f0000000180)=@in={0x2, 0x0, @remote}, 0x80) recvmmsg(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, &(0x7f0000001780)={0x0, 0x989680}) sendmmsg(r0, &(0x7f0000001540), 0x28, 0x0) [ 731.071385] SELinux: failed to load policy [ 731.107180] protocol 88fb is buggy, dev hsr_slave_0 [ 731.112349] protocol 88fb is buggy, dev hsr_slave_1 [ 731.117905] protocol 88fb is buggy, dev hsr_slave_0 [ 731.123015] protocol 88fb is buggy, dev hsr_slave_1 04:50:55 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:55 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000005d00)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000012000800000000000000003187c47df11a078bb7e6d4e8870dede24e567c0814266c8952cf382f4f947c3d9a7a07", @ANYRES32=0x0, @ANYBLOB="00000000000000001000120008000100767469000400020008001f0006000000"], 0x38}}, 0x0) 04:50:55 executing program 2: r0 = memfd_create(&(0x7f00000000c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@discard='discard'}]}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) 04:50:55 executing program 1: syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@show_sys_files_yes='show_sys_files,y\\s'}]}) 04:50:55 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:56 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500be0000005f3f000000000000000000"], 0x38) 04:50:56 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = getpid() tkill(r4, 0x1000000000015) fcntl$setown(r3, 0x8, r4) r5 = semget$private(0x0, 0x2, 0x80) semtimedop(r5, &(0x7f0000000080)=[{0x3, 0x3, 0x2be05704e7015ce}, {0x3, 0x4, 0x3000}, {0x0, 0xfffffffffffffd4e, 0x1800}], 0x3, &(0x7f00000000c0)={0x77359400}) ioctl$TIOCGISO7816(r2, 0x80285442, &(0x7f0000000040)) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) clock_gettime(0x0, &(0x7f0000000e40)={0x0, 0x0}) nanosleep(&(0x7f0000000e80)={r6, r7+10000000}, &(0x7f0000000ec0)) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1, 0x2}}], 0x48}, 0x0) r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x180, 0x0) sendmsg$rds(r8, &(0x7f0000000e00)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000009c0)=[{&(0x7f0000000200)=""/190, 0xbe}, {&(0x7f00000002c0)=""/72, 0x48}, {&(0x7f0000000340)=""/138, 0x8a}, {&(0x7f0000000400)=""/128, 0x80}, {&(0x7f0000000480)=""/109, 0x6d}, {&(0x7f0000000500)=""/189, 0xbd}, {&(0x7f00000005c0)=""/133, 0x85}, {&(0x7f0000000800)=""/130, 0x82}, {&(0x7f00000008c0)=""/216, 0xd8}, {&(0x7f0000000700)=""/91, 0x5b}], 0xa, &(0x7f0000000c80)=ANY=[@ANYBLOB="30000000000000001401000003000000", @ANYPTR=&(0x7f0000000a80)=ANY=[@ANYBLOB='\x00'/81], @ANYBLOB='Q\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000680)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="10000000000000001800000000000000140100000c0000000500000000000000580000000000000014010000070000000900000009000000", @ANYPTR=&(0x7f0000000b00)=ANY=[@ANYBLOB="0101000000000000"], @ANYPTR=&(0x7f0000000b40)=ANY=[@ANYBLOB="0500000000000000"], @ANYBLOB="0400000000000000e93e0000000000000800000000000000fbffffffffffffff0000000000000000ff07000000000000580000000000000014010000060000000700000001000000", @ANYPTR=&(0x7f0000000b80)=ANY=[@ANYBLOB="0600000000000000"], @ANYPTR=&(0x7f0000000bc0)=ANY=[@ANYBLOB="0100000000000000"], @ANYBLOB="090000000000000097ffffffffffffff020000000000000007000000000000001a0000000000000048000000000000005800000000000000140100000900000080000000f9000000", @ANYPTR=&(0x7f0000000f00)=ANY=[@ANYBLOB="980b0000000000088bf6e456c7eeebdc505b90dbe5c693bfbb230e252bf609cf82a743b24f2bf137c4710c0d444ff6a1132549a2cf08d3811548036d84ac3344328332e9cdae0ebee3fa608fc58c67e8c02ad611ce532c44122dccaae31b38c6ad0ccabfd3794a1b391d66fdddd7041dae002cf3632125c659c25a71e8bd805bd601ac019e0d07ad824731d3df92574401bdc0c3ac40d62ddc6faaf84cbc3da436eda5d8d72b9fb7a1a4d474347b000a063963022a2984fabed40a30ee72ce833c22a85d"], @ANYPTR=&(0x7f0000000c40)=ANY=[@ANYBLOB="0600000000000000"], @ANYBLOB="0600000000000000d5000000000000000700000000000000010001000000000030000000000000009a6a0000000000001800000000000000140100000c0000000400000000000000"], 0xfffffffffffffe89}, 0x80) [ 731.615343] XFS (loop2): Invalid superblock magic number 04:50:56 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 731.683980] ntfs: (device loop1): parse_options(): Unrecognized mount option y\s. [ 731.784013] SELinux: ebitmap: truncated map [ 731.799851] ntfs: (device loop1): parse_options(): Unrecognized mount option . [ 731.885575] ntfs: (device loop1): parse_options(): Unrecognized mount option y\s. [ 731.927825] ntfs: (device loop1): parse_options(): Unrecognized mount option . 04:50:56 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500bf0000005f3f000000000000000000"], 0x38) 04:50:56 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 732.147170] protocol 88fb is buggy, dev hsr_slave_0 [ 732.147209] protocol 88fb is buggy, dev hsr_slave_1 [ 732.320223] SELinux: ebitmap: truncated map 04:50:56 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r0, r0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) 04:50:56 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c00000005f3f000000000000000000"], 0x38) 04:50:56 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r0, r0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) 04:50:56 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) remap_file_pages(&(0x7f00000a0000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x3) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000140)=ANY=[], 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = dup2(0xffffffffffffffff, r2) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x200000e, 0x50, r4, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x0, 0x0) preadv(r5, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0x1a001b00, 0x297ef) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f0000000080)='memory.high\x00', 0x2, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x101101, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) r13 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r14 = dup2(r13, r13) ioctl$TIOCGSOFTCAR(r14, 0x5419, 0x0) r15 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x6) ioctl$TIOCGSOFTCAR(r15, 0x5419, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x3}, 0x8) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0xc0040, 0x0) r16 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r17 = dup2(r16, r16) ioctl$TIOCGSOFTCAR(r17, 0x5419, 0x0) write$cgroup_int(r17, 0x0, 0xa5) [ 732.663463] SELinux: ebitmap: truncated map [ 732.707635] sel_write_load: 2 callbacks suppressed [ 732.707641] SELinux: failed to load policy 04:50:57 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c10000005f3f000000000000000000"], 0x38) 04:50:57 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:50:57 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r0, r0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) 04:50:57 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c20000005f3f000000000000000000"], 0x38) [ 732.890917] SELinux: ebitmap: truncated map [ 732.907379] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 732.948047] SELinux: failed to load policy [ 733.183120] SELinux: ebitmap: truncated map [ 733.223291] SELinux: failed to load policy 04:50:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKMODE={0x8, 0x10}, @IFLA_LINKINFO={0x14, 0x12, @bond={{0xffffffffffffff90}, {0x4}}}]}, 0x3c}}, 0x0) r3 = dup(r1) r4 = socket(0x1e, 0x4, 0x0) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x8) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r5, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r6}, {0x8, 0x1, r4}, {0x8}, {0x8}, {0x8, 0x1, r7}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x167}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8d9fa253b2a3cdbe}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x50, r5, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x10000}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x9}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) 04:50:59 executing program 3 (fault-call:3 fault-nth:0): capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:50:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:50:59 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c30000005f3f000000000000000000"], 0x38) 04:50:59 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x802, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="2e00000018008100e00f80ecdb4cb92e0a480e181e0cd300e8bd6efb1200080004001000"/46, 0x2e}], 0x1}, 0x0) r2 = getpid() tkill(r2, 0x1000000000015) r3 = geteuid() r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, 0x0}, &(0x7f0000000500)=0xc) r7 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r7, 0x0) r8 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r8, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r8, 0x0) r9 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r9, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r9, 0x0) r10 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r10, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r10, 0x0) r11 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r11, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r11, 0x0) r12 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r12, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r12, 0x0) r13 = socket$inet6_dccp(0xa, 0x6, 0x0) r14 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r14, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r14, 0x0) r15 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r16 = dup2(r15, r15) ioctl$TIOCGSOFTCAR(r16, 0x5419, 0x0) ioctl$sock_FIOGETOWN(r16, 0x8903, &(0x7f0000000540)=0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000580)={{{@in6=@mcast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@local}}, &(0x7f0000000680)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r19, @ANYBLOB="2c747970653da0"]) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000006c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r21, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r22, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r23, @ANYBLOB="2c747970653da0"]) r24 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r24, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r24, 0x0) r25 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r25, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r25, 0x0) r26 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r27 = socket$inet_sctp(0x2, 0x5, 0x84) r28 = getpid() tkill(r28, 0x1000000000015) r29 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r30 = dup2(r29, r29) ioctl$TIOCGSOFTCAR(r30, 0x5419, 0x0) getsockopt$inet_IP_XFRM_POLICY(r30, 0x0, 0x11, &(0x7f0000000b80)={{{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@initdev}}, &(0x7f0000000c80)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r32, @ANYBLOB="2c747970653da0"]) r33 = getpid() tkill(r33, 0x1000000000015) r34 = getpgid(r33) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000cc0)={0x0, 0x0}, &(0x7f0000000d00)=0xc) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r36, @ANYBLOB="2c747970653da0"]) getgroups(0x1, &(0x7f0000000d40)=[r36]) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000d80)={{{@in=@broadcast, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000000e80)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r39, @ANYBLOB="2c747970653da0"]) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000003dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r40, @ANYBLOB="2c747970653da0"]) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r41, @ANYBLOB="2c747970653da0"]) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r42, @ANYBLOB="2c747970653da0"]) getgroups(0x6, &(0x7f0000000ec0)=[r39, r40, r41, 0xee00, 0xee01, r42]) r44 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x5) r45 = socket$bt_bnep(0x1f, 0x3, 0x4) r46 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r46, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r46, 0x0) r47 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000020c0)='/dev/ashmem\x00', 0x80000, 0x0) r48 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r48, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r48, 0x0) r49 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r49, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r49, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000023c0)={0x0, 0x180000, r1}) r51 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r51, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r51, 0x0) r52 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r52, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r52, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002400)={0xffffffffffffffff, 0xffffffffffffffff}) r54 = getpid() tkill(r54, 0x1000000000015) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r55, @ANYBLOB="2c747970653da0"]) r56 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r56, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r56, 0x0) r57 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r57, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r57, 0x0) r58 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r58, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r58, 0x0) r59 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r59, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r59, 0x0) r60 = accept4$inet(0xffffffffffffffff, &(0x7f0000003680)={0x2, 0x0, @initdev}, &(0x7f00000036c0)=0x10, 0x800) r61 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000003700)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000003d80)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r63, @ANYBLOB="2c747970653da0"]) r64 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r64, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r64, 0x0) r65 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r65, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r65, 0x0) r66 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r66, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r66, 0x0) sendmmsg$unix(r1, &(0x7f0000003c00)=[{&(0x7f00000000c0)=@abs={0xaed6a561af4d37c9, 0x0, 0x4e22}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000140)="2ffea2d1371dedc64ecd63f2a22f5db3d0a538e93265a047bc5455297bfce4f051ebfb21f295d7461c1b01bf8e71b12b646692ed0ff13c617e211c3023a435b984f71f822b1160bd85582c545621e61485f67db4a60afb04ce1da939fba9bb94d983", 0x62}, {&(0x7f0000000280)="9bf919da9bab7caa594f8ca259ad33b1586f51b0c62c71d1c13c104838b5e2b52f5289430c69bc4cdf181c9958409c76868394ade8a787956e9209840d44fcac51ba67bd4197f8b33079301844b3963633f0346c62d182515e3afd5d5f1892ae3201d2cd575861e195622b4a9a604c9ac1ca52199bfd9244fb42538a0b539a550afe4f53396b159ffdcf6fafe7fd94f3ea2c456fd26302defa4c42628783cd8290e4f69725f397dc42f8f666b8862ac29677ffa5f627e44e60b8348a6f9d36d65a7cba46af6a29fcaef7", 0xca}, {&(0x7f00000001c0)="dde8b4384150654a85b53bd7cad33ac677d293e5a876909d82328374ab4bfbfe9ab5f38dba565e2804b92380ade7d55d886fbee38abb6c27e86fbbd1440a", 0x3e}, {&(0x7f0000000200)="b0bd07b152551acc97232d5858c90ea813d866f08a03744b5108db5c163cb8204aadd9624d20faf3dee96f33ff9a40f67f10d3d973641c23f2b92dcfa80f", 0x3e}, {&(0x7f0000000380)="232058fe0e2ded94b2aa2f98887db7627081794ead84a8921b4f3d2a7aa466bffc60747e8dc4a8b6bffd701bb42c99", 0x2f}, {&(0x7f00000003c0)="8873ab42cbdb749a05b707747db1675ceed57ea6ced7b2883308c3eb05e935e01a0c37526a57305d1bf736bf958a9a9c4f34de5af2a940414e0f08b41886fa3bb0bedeb9ba508c9a3eab7c20392e7c2f9369f3ba236223184510838bb6c1fb01eac719e75c61dbb47430c4c828c3b6f443", 0x71}], 0x6, &(0x7f0000000700)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, r6}}}, @rights={{0x28, 0x1, 0x1, [r7, r8, r9, r1, r10, r11]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r12, r13, r14, r1]}}, @cred={{0x1c, 0x1, 0x2, {r17, r18, r19}}}, @cred={{0x1c, 0x1, 0x2, {r20, r22, r23}}}], 0xb0, 0x64000041}, {&(0x7f00000007c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000b00)=[{&(0x7f0000000840)="15ed73297aca41388e906ceece2d77db44d09914b04010ef1194eadc2d676746878871a96c3fa0b5c36d435c89e5df1ace059332aa07af6ad216000004e36734e2057ff0dda851c44e9be1c5f950d5c7b58c5c68b1ffbe8797239d085e47e875329f4bbcb486c3d9b76ba9afd31ae71142ac6e30c4580fd16817fba88b2ed59958bafb5475c03db17bd4c277b82dce32e2e25445aff659533eac74b4299119f178ac88cd91bd3940c47ee3ff74d808574b6b67c4b9c9d65f713a8ae0d2f6060bce2ab3c477e940265ef55999a144b7870fe8770ad4274de54374f14531098ad222", 0xe1}, {&(0x7f0000000940)="7ea9bdb2069f0072124231b0775f5ba29cb21df02041a469bf8895a03e4df7ab8c95a2586e98b3342963acb18ccad43dceda5ba982a1e863313dff2a95aab7b78d03d185c0d5f84b7acc62d2e01c13a4086e2794342d99715b89fc13", 0x5c}, {&(0x7f00000009c0)="a593f5088ef72ba9c03251c47dc2a4de53f96c86db291d0f36161f6bf82eec6fe2c9f80579030d3bffd5d6701c9c74fab1f70ca41f19c19ad2ce68ffcbcc0da58cc85a1248a6b785586c711cb98d88fc17be4c8a2071f46958bf63db28c89bd2cac68aa357ddf97bf3bb5fb94d7c69e69189255fdbad71faee60ad7a0efccb431f94fb85d11cf77c92915570e798ccb695b82465420d67eabade825899adb78eb3515713b5d6705fde56a2c80ed2863cf9772155f0df3b38ce04a0e992a54af64697b7d2b7623c7998eb571d16f24fafa629b3c7a1d2511a4ee389579bebf6840465571de375d60df0313e18", 0xec}, {&(0x7f0000000ac0)="b116b081b360147d42", 0x9}], 0x4, &(0x7f0000000f00)=[@rights={{0x28, 0x1, 0x1, [r1, r24, r25, r26, r27, r0]}}, @cred={{0x1c, 0x1, 0x2, {r28, r31, r32}}}, @cred={{0x1c, 0x1, 0x2, {r34, r35, r37}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r38, r43}}}], 0x88, 0x40010}, {&(0x7f0000000fc0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000002080)=[{&(0x7f0000001040)="bc3536b9fda2412b63f6e0ce741f015b078258a8e2a74212b8c76af9db13c2fa20", 0x21}, {&(0x7f0000001080)="a05a1bcd571870a50595eb6ab69af4eece5f4296c23d7db1060ac0e3eb0a38a420ebad21a240de63905407cf595b7321494da3c25d61155bcd7c24a9e43d52308cc1fcbbad143803c299a285ed3fa1ba2bc1116bc0b855915fe25bfe0e01bfa16c0ba37e4a40141768f3119a73ec2e4002063e630ff519098e4a9212429e1dcd1e7498952d12a82c2714a3ebb28dbc7c1961a8029417ac598177da5df3d8d383e8807d5b66af22f2a484b49454c73ac5e447418667111a54e45bc96d9062b58bcc8eb26979c64002615007f029b69c87c657b37338ccc899cd7ee38a486a0baeb1d94797234fac7b7a519a14eafb8844f9f4743ac0a9a96376eae65659f99c1bb991a121a0d88c4aff972d1e2de72a93f14cb1edc6be8f6036316b69a05141bbeb746911a8fd2b3a9b8eec6db85c8df6a46a1fb917da07b517975e2d01dbe7daad908f7901a8c7cf55d78d6fc6fe9eb0a8f87b75a60b4b0ad1a29d3979cbe7167fbf25c599fb5979690ae77f2e033ebe310c480dafd9ac1e3d9026dbdc4262948ab3524c94e11160085aa297539f916161a58ba4b98a6b8d7916a10f625a16d1fb2f90180b0e4b25127f59a8913dfe408721338e33ed8d3867bd484429ded2f9d2f7adbfd2d882df0cf37478d9545ef845bc2f11fbdab5cc7023ae0748c4489bdffc394fa0f598e4525bed73c8b2fd0c04ff26717ddcfe696d418626b99124e92f075c262c0a970eca561dfb93948edb6a706e98cd02131ace90fe562024c026661280aa2497443ff0e2b42244bc684b672f4ba72a4c095df651b0a9a2ef158a99e69582aff8a87bd418f366b05a83ca81efa347416ba2a3e317d2adece64d3f0bc4c6d38d17b150a0bd0d53d46eb9b676c256e70317ac5f8429edd28967a85faade2eea4d8e3d3d72445f7f364f63ace22d76afadaa3ddfdd2c0386d4a5cf1e225e6138b8f18d2e261c9c8e4f031442920d9b51d0619fab076e7e68aa50de6a4b2b9f7ece4705f52c7958bb31571ed4ff115bbcb5ebe2102a9f05b616f6217c6cde515d23a307dde0140f6094054062fc87ffcd664c4e1a5c2db9e04b9b35e58c815a8c209fcfa3ed22d6dbeef3570930708dc337465e7c6a93c3ad5e48205b6a1ddae75f0d04746ad581280cbdac877d1a85b876ed3111bdd46cfc8c506b1924aec66ef6d7c884ae91659ba42b330f7f0d20552b595c1f66ba6f4d604d763d5b2210431fceb5a13b1135ff94167a3f8bbdb28d911d77e8810c26aea51529a52be0d3ffe52f5247ee7197a62f165d4cc9c99746c4544354d4d172615b1e29103d71a77758757a92b66a9cca84735678169ed3074403fc5fd1c4551559371a9302b8d3344d29db09b6eeedac6be90f0f7793384f587b664286525434fd93eca988515def9dc64cea6acc365856a8588322f8830ae78e3181f3812371baabd63c928d9f0bdcb271619ab6d54a1d4adbbd07c0108d7aaed83761356700b9c0ec2901dd30609bb9266b6fdf0b9d01bc4166179a2ed5c214da759818dcc9ec55588b84b66a26ae0fd1836dab4834ae8a5c6f194a20444bf54036c635b81f2cc9146216db334c60c368267583b602e1ef29e1adc9bbdd4533e883323a685624553de0510b67d624d55c68ca362e6b6a0e6190d47787fe4bef8c48999e1a3a9645a1f6335e4c473f6dd0176dc83723bcdfe8ab00e0b9e8e2fa195eaa881888b0d2b2623cdd71611ef6549c1cde17298313ee9155589fd64cfa896032a4c176131348b9eda67e86dd95b8d887e6d28b836140ced6fe010b9adaa529176e520bfe25c67be183303bfc75bd579d90107375ceed694a2ddf706c7b5e79cf181e809bfcb427e9a63eded580a404b0b9f19857d894ec3a5c9ae54b7dc9500b749622942339ae4469f75179c9f1bb89a77971cf2db755138384d072fc292db1268c94d0e46fe9f173d741e41b982e589d10a61384d245d3a49e6a93be3fd2ba3931144b024a93fe87b11beb4aa85359b4637513d0dcbafad7c4dec356e71a3d3732bbbcd528863f9be67ed513743adaff39bf65c954200354b478a09b8c36d2dc159770321c43ce1023d9b7989c5470e088ad9f2a113d1fee6a037e96ded6a8438cbd3fadb81971285885059e4277d1c94af08d7160128385ec43db21ea8daaf9472da9ad717d407d755981146d5c94b338d77e559ddd19b58b753ff8d48e1cf3a56aaa8f62ef211d622c9a48851467bcc48969ab0b2cbb22f6975a3bc22a5605eeef2c44811c3d984c37ac9768341d41cdeccbeca75ba6c874dee0aa4be53dad18341da56a4ae3b38e6083e45dc4e38671aadeaca276a9010152efbc52f963c09dca66ffadd42303043a23b92aafb2c6d633d08d68622d2d5d7430c6bf406c367e4fca6c5c607064fd72ed95d954c6856be145194541d05fdf317316493a70921f6688792c6afb37a1143b08c102ba89dff7869a14ca0d89ee680da01ccf8fd836ac02dc0a634987c58fd9dbffa90cd7aef7cba13d8d90f926a37592e7db16ec04e0352e679370d0cc2bb0ac395755e11c030c9158725dfa6657549b7217e5ac3ce8a930b7dabb8b16aa6b9495f16c331d297d9921b848c1f3ae2624a8b8b82933d79db265f9d239a9d32c13144a10299072506c13581a3fa4e61252c17fa26f4ccb11926788dfd70370549e02e8754d208e030a0eb477c223fbdce25e2cdc02070ca693d38b1de8e0d7d293c003b35558f5a3fbebe830bde850b8ed0a352348e96b570a3cadcb247fd63e228148e7e5a84d7d82c26fe4f535706f17c38b7a52193bc5b50237b5a8a1c34d0c44a2d7803832ea5bbfff0e9aa134d37bdb7c3cec9d2bf9d12d1352bfa5dab3b5f37583f24d497cdf96053b0d6688e5c0f63ce03f926bcdf4277d287677fcb7e9cdc1db50ab69aa8a4e6be725486dc63de30b336a798d3629d5268281d31deff0f0e2f76d59db13bb6ed6c9268e9540496a3e34f9f15dd736b292e0a046f94d689c7982031ac049fdc4e97ebe7c84f416a0bf4357563a1fc2e953d5909825fa80ae5532db47cb20af70813d6a4d4369292c1edc1bb7cb1e65fa30d1d9efbe4461f6c6e9a18c71b8b1bf8eae137f3b1395be1709a1458439251829817cf495e820222776f134b458fe65e375400360808908bff5001ac5f3e8cca5227256b955cddba711ecfcf8e8682cab38b7fa907fa006a862754a9e31982fe20213d5c5edfd2a8d43131f6eb861335b40af33d6a172f560ab014218b6d83f076a3880541ebf14bcc14c21d8841335f8dc07a8eb1200243d54fab634e3d6f449a288398376883f9d94136100274af3e3b071eae0bd0cbf7fba2d195cb81d1fb75e8eb6677040f37715e3f1bdfe14c3438b0744bb8b3544b36686e450efb09135b94bea2d312d6ef5a0605b62cb7734474d3ce7edc06d9794026ec3f0fbd7892c0c5415b8d7ff1a9951f94535643f1d43f1c58815e3ec19aeef1c7929231dab91c857e7ab4e28dfce40991395f14c7d3368256307e7a9a0c597c3bc4647c08745bb79b058fe82717e0c168f1dd0019c4468466e329bb3fab8a919f9a38bbbf44a93198ecd243fa3b9fdbb6aee9a1d81609feb638db3f8324ed52c7e7678f40fff80c08571f822bbdd46534ec09a784724fda0a9f06be14a8f0edb88e78d864aeba07dcbf6f756a3fcbd8c2ca18fa2d603e444bc0cff51057c8a323e5bd1545e45a2554c9d96b18142720877963b4f235ac5c4179b27677cd3b7a84ebeb12591ecb90304fba559f7200311ef8eda3d1c785a01b9b16a1439a1601aed928ca19eb7c8215ad7deb04f8e015b4ad7ac6aae53529ae95602423d4f9243561c6c17d2fee437bfd67e80669bb109ddc227e8062a5045dcdcc2efe7232696d33358dba053c3014b5d8796fed2a0de8edcf5b741c5af08bd1a812aa04d99c4e2ad83ca326e1d5705b2949279e359358ab1544b4aa25e1255a262e257ac5a4240a413b24702dd94804baed51fa93f0ae1d675ded7843f842006fa00e2b1de601941a8671e6a97535afebd47885c7b0bd3704fba3183a29b0e4a96fefe0671082b5e39bf84d816b90aaa0a29df498faaa0f6bc04b09ff4d52ced0f8c112d43b4202d6f7b578e924618365b3c233e1fd880d2d1e71e6ef362ef16fcc9964b1ab945d265ce87bf0194852f3aaab2ceb4c21a14dd7f854e29b30217e39d300abc1bb703f5cb210de208025a96f5ba523383005531305a5e0628f34b0cc233cc22965acc73b91ebf763b720d0931e5888382f99faa8d22ee8fabef0bcb1f2a014164ce8ab47fe34e19c4c195199cc4f247dffa46eca10e2334a66ce89fae406900d35faece00dc13fa45bea3ca41b097466ed831f090e5b027409c68f44e9bb66cfb502996fc2392fef0dc1f896c7fefc76e7de94345ab86b00586f6b1b700317675ae5f2b4304c59d3168328a3ab7fcc1dbf6c57cbb1f23c47946bda23c78b5750d2019ebcc04305f7a472410cb6a58819274bba6b79f542f3b368417a6cb3219a8bf0e591cd2beecbe58e76da0c553d7475ad5753bd26b04bea1848140263c00f31dec693bc527a4765098c965e0a21234b2f2521825e6d1f9a42ac112c971fa8242b17ac31c13610a2499a403e236de1124340a8f3279c12feddd2143d345a2711485414945eb0fe982cdbc1aae2c5c8c3b7bf463d236e8031ac3d756ec56369efb665dbf9ff25bf37deb69054af273de958797d52a2d58d6218193b165d72d1aa1310c91e4a9b2729e23fef3213b94fbd846e1d8c1d39bbb0a5e4a2aba18b4aa1b01b375b4c9ddb5b81a882b9b5a67002603aa76e663d8f2d3cb15e1e7123f027f0a78c3bdfcb845c5f593c2e5b7bf57e496f7c35043b480814125f37c49b89ad31d22c42136a7893af3cc9f03473ded180ec88b9f745afb09eee56ca6365c03a69495f914e8240e69abae6089b6e6a1e9daf019dab9fdd0636025db9224563362216ea9a7b82dea2f0066e550e9497b55149998321076502120623a4efdef23e48a03914f330e475f2788d3118708bd85f105c6976e9e1201666bed256b48148f30461570b43feb5db1b992a920da36f32d96b81da61b4e3e89ad9cd26c89cdaa0840b594a169cbe32bb27839e85927ba4cbf2f7f7354a17e694329f463a063858dc5c426db985c5023fb0e1d01f8aef008a2c298e86f4a9e57c9c9949c2dc7aff5038789e0a997969d0dc6782d811833709a5e74e53d54adba432e7852b310807b921b554e33919f0aaea4e244b736831662cd4ad13c2d7febabccd179bcec4d4451cd503ca5c32d94289c69681253c92250b41dd9626bcb0be82615ffc307bbd4a6f54a393445f5742b8f3314b6cbee08d80dfdd6f4636e47a632176a910889ae306b571ecece378fc0288e26454af959c5d5fc53f1afcbe167af10127b25a9ef2dcaee3be5efabcbcc4b8f389ffa07e2496cfc42aee3151fc38303a4a21ce86ef0b2cc7fb13fe8e28c90d2b07ead02b498722e56d156a9056e85bddc596eadfb96041b8e5dd76e3b84f15651efdcde7af198fb0fdeb31f287ae764539ff4144ec742b4f3dbec35075d13bc077ac24e46ca2eb5e2b6ca18294f729da647234a40017f072658db78acae646a0d4d8c56625354eef00a3defe93568bd96eed237378c17972886f448081747263979e3eff7ba3830292f788e43750fafa86a925d41e60eb1d61e27605ececeded557a89db397f738feb9b5861b67a8d8ebae8ae811cdf944a5602e573ae7aa795558aa165239d0dfb219d8bd1dfb665fea29ebdf8e53dabe21", 0x1000}], 0x2, &(0x7f0000002100)=[@rights={{0x20, 0x1, 0x1, [r44, r45, 0xffffffffffffffff, r46]}}, @rights={{0x20, 0x1, 0x1, [r47, r1, r0, r48]}}], 0x40, 0x4000880}, {&(0x7f0000002140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002380)=[{&(0x7f00000021c0)="e9712f383a4ff73207bfca3f8cb3bf8efb7cdcdfac0643e8ca268af03c9a5831c6ddf86005719412384e34e3663d897157cb22dfbd50a6792575257a1a0459d534762c9e2b192a3f3b9c84fd0e19a9d726164b34bd2db8c667b2c987f2112ba825046e23789c5d13a810a1cbd195d96e82a4c44d60fb74ff6eab50c11d91a62dc02d97418bfe79516616b7e63eaddc77a3d0e2b3baa0dfd2dbf253e3578a5e2ae14eeef673e68f71f73aa518638b664d84ffc06b2fdb8d", 0xb7}, {&(0x7f0000002280)="f2a8f912827ab3656333555d74ab98529640d951f1c3ae2333f311d52ff68a88d128c003e96891bb6bc3e8615c2c49fc84f7f9398ffed5be7c761c39309f894aa9", 0x41}, {&(0x7f0000002300)="2edf029e4c47987c7fd638f9e1f8312a5d7b6139e636293c88dc320258c14a5ddfd9ca8d66fd60157c8d26703905", 0x2e}, {&(0x7f0000002340)="185c3de6489e11e622e9634261aa38f8ff5009ba1f6ae2074e84bc5863b6c2a58e", 0x21}], 0x4, &(0x7f0000002440)=[@rights={{0x1c, 0x1, 0x1, [r1, r1, r49]}}, @rights={{0x28, 0x1, 0x1, [r50, r51, r52, r1, r53, r0]}}, @cred={{0x1c, 0x1, 0x2, {r54, 0xee01, r55}}}], 0x68, 0x4000810}, {&(0x7f00000024c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000003640)=[{&(0x7f0000002540)="786139ad26f8d12ae84ee1d79e4f741e9536a8cd7d56249438221e1c8b403dfc9a4137d413f6a433883f0dc442f7366e5e012297e68affd376e327a5fa236943458374e286599913742b07f03bf515627edd9c5bb57b4f3300bb3293be60f84d9649f828808a4bfe6c1eb63c231d2ff48aa61744eb85a5cee4a816d74c3290340c3a513edc838faa206e6a23fc226bb175fd9703c8a5530963c6c643bee526ae8babf3879bf425f2453972f981b1ebb11b79047eff8aeb5faa1bd6fdebb90f59cf9f57d9c508a89fb47733ab2cf4c2d0af6a3456c1e248f0b528260b4b2f6c17e12fbd7f53f3aec5c97905efc4cf8faef4d49b70f5d6471144d131e784983630e4864a670f8cbbe655c5ffa7a0c99f053358c936a9223c3c42e14a08d88de2fd89f1203cb570934c5c5bd53bc6b5f2740a046457c4d550ec230190d2a2cff6451f80e48762c2e34b4a764f75a7ea9805812c8be7ed16adb60d0aaf17284beb4827a14f3b682d343604f593a95bea62456f03a4429c110e84f66d1c5273b1d8ddf77843f590a653ca526c11f9028ff201cc27c312537114cd0fae343a4b9df9fca0b7a6edc36b04a93d7ca4ebd2f3ade20cefc01e50ff141a1686a3dd5d42f1253a6a3247494fc80621572bd7b2d336abbba4a2827ee4da0914fefe929f4f7525c7624adf0b53420cd9241da6e8205d95a64cbfeaca597a8b4be3cfff1ab156a2e65ecb0a3ae6d796e969009ee21fcd5f1fef3ece3bbcec20be1403d53fdcb0f8b3fb425f56e065aab956052362590ddbe2b565edd23342d0c6d15f056cc50b43d027a7c4e3c08b2405455ea75f62afdb4e02ec2b49b31bfd179b53543a543e1066bbdab1e0bf409604eee14d679d69817fd06fcc928cc26c5823121fe999e7fc87a6d8b738404497c304325f49a92036df1a102a808f7acaad79120b1d6cd33884400a496cec8488f8169e703061ff77da3d125b69129f04646f0f634bcb40442c051840a89cfe8138ccc3c7fa8c367ccb51ae1ecdef1eacae372f7709430843e60de27f050d8efa787f22fbb50a01ea235e6512855e5da6d2a068dc8b0fcfe8419ad35adef04cbfc5bddd50b00663721bebdccb95254682b1bf67ec58f1789cfe77c803d6e35ba197f1c02fca02ac6062e85204419ed01bd3df615153cf70ee0b9f35b8e180f90b4acbc023d5fc73ff186c979d9a2ad1cff6362ce23f95939361996afcb7059971c31743f41eda59726930f183d41cfb83774ff6badb499bf3729f0c243c25d91ec82e5ed9d4dc0ef100ebfe9d8d882c679854d7d42e40ef3fb6c4a173ec63dac440fdeeb9f6b67155641027f85f19a29192a72dc7bb1caa271929787a899d49a3faf8196b4ead11b048d147b451b620f5ee551f3779d2692ef50e473ec520b97019c0313107fc44d46ba91f36f019da9ea9adb96e99ae06a2a1ca4c287e8a089a23778b3bcf39f2dbd801b8245af20a6246699a3a92a22b9ddc4e32251a5d2b67dadc971ac08e9d3340a1f946e8b1ed70a096835f7f3f2874c2adc75d5884aaa93ff0854a71b065173bcb8900125b0c45ef1acadbd52c9e5a5de376d18472c0ba39f6d50f010cf5b3839f67a5b8a4265786c6ed82d1ced20d6eac8f486339c7b4d97d725913e8257da8d88dde587ef69fef2734cb9edf1fde19a8afe15d18ad32adf6fb3737dd1b3e42a3f0eb270761f25f9451290e35c7d8103fc207b7a0b0a78074f59564259d29f789f50b074b09a1c70c17030435a99957208980f4964de4f920b469e0990949480638c7cd3fea67ea2bcb4f9eda34c91575f28c2274a1d3b4471de9cf9926e1e0b326b53b1d8e6d0a33dad607107d1fe1f04160c15873432f0a3195c6c81ef7ee8a6dff153809da9f0954a15dc8d183402320fe5477ab66efc291396a80294bd227bf4cbcb52b7d4aa7cc11594099a6b10f2568f05e1bd202cc6a7be1389eb9453aaf0cf7caf47279a0e32e0179a9f42a4ba33e891445be4946f5b7857d2e35f5c0b0d1e734549a933bcec52984d7301cde916e5f518a416ab04b09c712df384ab0454a0c2ee8a369d9d83bcdcb717dd7ac9fa8f1c079240aa288700368a8300902c29624b32327f6772ed1deff190fc804ad3231e069d2d026e5ebdf1227aa8455bd170821fee639d1f5e3a9d0d9c00dea79252ba8032b64d8e5c205103099da3d6e52a5c506347be20ed90579c0400a592eaf5284c18965249e288418c1c5f029a49317e24d62994e41aa6830f7140536c93220cea9239ad03b5b9da29d3d2d605910182f155513a9312be87023cb151f4f3ed6c4504ef5d5e29c4a4c1c72a76934805afbc1613c9d07fd1e0dd57a087860c9692331ce4e11baa4bc9eadea9524928bef7784e654cca675f7adf2f0e2bc1d095692de948b19863f768e9b12fba6dea3c96b96795b358c2036656d3d1bc182c9bccde8219a3ee9da47c27ef51c3f52584c1718ffebf725593ed57516dd994b26d0ec67fda568d042b9047cc1e855e205b0277f59fa04f184cbfff1405234371a30b653abdc34082dc1c40e1b63fdd5a02c8d9a63bfb601f3f8cce840d89d4525f2566c86a9717773ffa3a3b8c9006436fb5c2588957c27a35e2eb118e57aa9992a65c747834db7224472793f1a3efd97710a36934e661fd936d26cb3b21fec7c85ba03c99c319200c40e52037f3cd58b5b65315b81cface9acc76bfe62e9caf5d9ce3ff06c6d33cdc63c04c4057577750273fdd0d8a2b2186d8e22ed0eb623e7029bdd74a8e60611f521f8c518a209dabe8110283b582ae08010354d21210ece02e43e9946c5b06d58d41fb377cbcd7a93b13f62c27e6dea53f1b6a940c07edb6c92d56146e0afaad76d0a6ad68e6b325b2587fb39732efac79034999f79c442573a68ea0a450eb997aa373bf1977e43491859bd85b570d6f83241e6c803a5c661a5b2a4064826055ba0fdf2429b3469d9167e63fdd842567218b36bbc77339516652ff5ae7b6807b685d8366da392b2ba284b0018783061f21e3287299363293f74359b6c332925e9666b46f0207292428cee7eacab0b987a854f5d5cadeb270f1cef977f20f830026e8c5c27077de2d72631d83ead189cfdbd5109facfa79844ab9698a113fe50ba0bcb4f4e67c63b1617f0f11dda11ee8219ec0ee468e0e09f0fd005fe1ef4742c9c82ddb655a169cac3467a374dc3ce7a2e4f282bd794379dc5808e737d22298900db4ccdd34b6d53f1782a2eed55a658ca5eec27f497c1c439ba1214bfb2a48862a230407e1c8daeedb3c41f9666441e04e853fd74613b11313af4fc6e8fb89876285e261a5bf2dd79a59d9c2ca265dad0b6db8b8dc20456401423ccce1afb5aefda9bc19f7ce3bd96be29faa0003307a7c62a6aa5bec2680ed3283521a6f22601399684fe3490b6dad8f5516e2721f2d2a644e3354665e8af1397ef241e0a3c1e3d185ec0e3e78435a58413a7c3575fb48672d6d1a1a7479e6eb426f6cf5d0e77fc6b48f86618a27a3fe4ffc1ec342227be7e6f3be44cf519e18d23b0dbd6fdd41c6b4ab9f33b46d06a52d5aa08a13b979ae5c6814a7b380ab3b2e86b1a890b7ef2549da34d97aa9b96583126958fb8aceee902f0ba4e093066211034fe4bc7518f778e31ce5643d462f56b3e9f32b5bdafc4514f4c1f72ec86fa89d003be193eb7601ecaeef5ec5194fd726958e3a94f20681fa4f6c884b3dbeb7d4bd67ad3e43b8d69f6c01d2add3c4d96fac8e18c8f887a1485e1d31e2681c86f085997de3fe2b7c2e9e907dbc2cc58dda5f79e2467e801992ac59536687fde3e787382c1efc4e9e0189f1f7b6712106f327a9123ef89f98f9156fa4cb32a54007caf79dd37ebf41569835ccf929e872d5757c27b40fe26ffac21a68dd815ab1828e6d69a8e6dae9fe1cd26d9e4988d392e49555b4c31791936e102583567ea72cddb0a10c8f3c2ed446322a169e2f260010718465c88ed24453b91434033376b2f76509a84fb3d51c92bd166f92284fb22228064b45f74df6e116d6614d9601460b3cbcf389a661af3b917e2b867be474d9f7eed6866e338b3018cba6cdf087a9593e1e4859ced3c6b1149bafddd09d9d3f22f4431d1628101b88457e4f0500d499f51442fbfc9f831138fc1d2eaa05ed54c779cc793df2b2424fa3815b6c8c66d5d90154cc60e1cf51ca30fdb051b0ae0de4d5278ca4f77a21cf560908adedf8a2ed580fd8b4b980c7413910add25f400afb720a3625699d32bec6ba3bad3a8d3497dc4b5d78325333cd78065ce67193f49d8a841d351e4e646b6d5ec7c88b15839867398658f3afd1d6537feba7b9236253abf963aca938eecabc0101e09e92f5e158f43c7d1e58a5ede0c822533f95864987759036b78361621ea47874635d6f82054811faa2ed3aa573ed066ae0b1c02ee636a1e61e8656ef121966b4f2961d6aafddfbd0386854bab2751c4112e10244c8dd26e9eddf6b91a7a211eee3ed71fba80d4a85f935057fc59b9da5b8fac7c540ef4f311184550867b48cc7470629465b65427b2aa1a19104bcd1229311e5006e035b5e5b212bea157eac78367e15bb1328e06344637c047d29cde20d8a86cba640978a0d17ae0923912d34c2d4d988ef6035a243f82da06af37fb9879a0716ee5acb770adebc97240ff440ce08cc20bc86c2ab3698306c21de8fcecba2ce95c75fd92f52190f86a196252baf742b00272aa8a503317eabc3d5e974b6041f2da568e6ac67d0730ebb6212e3e5be02ffe27e507a24d465def0583d5c0747e2c536c86fb39e10fd5038ca6bbd87ce62612b7572c0ba64c87105b0489cb51307a1d0786cde149c1168eec5b883041a561bfd08910c06809c71f149ca51a116157846ee04888cea5bdbd10331aeebb42784b8da95b0e04d15d333fe20613c110e181ce1c375f66aca6d47c2bd58dbec400358c7c22f250c45b789e34f4a0565910a0e203f08735ffbc182cc3edeb6a77f9b1e923d270d2e509a16423b3322279c5355589e38649647c131c66ffc105d63087bbacbad365ca8ed84e461b4eedbeda158493bca25686786753a7c6dc77e801695a01492a0195a38974f68747bba7f9d1a5d40023235f04555ff8323f1ea9beb68f2d1190fabadfb1518589477ea5b8d740fa37eb8894fc33db820b8718ae04a0ecd1163537ff750d0246224e0fa121e6a8f121c09a92f74820790d72fbaf460961cf57b26ba7a02311128e8289a53ed818d3f588f67e2ab2679be2daf10981ac058e8a765b79fcfc8e76e2250abe31dbb5ab0a437473c37fcaaa322f7598bade618b20bee4b158ce25413c049ee3108e08fa1b00e80adfd599bd233377751390748b6384d88dfb16d1061e7d98e6cc08a5dd34eab5236b85e931982495b6df7b8a7c3c8ea16274c8e12f8f30e056dd10bd71926de5236be5c315c9822f486f0ca38ac703da17ce4b0331c89e84e3a26573d2a11ba4e128dd9c4842b4955436efd400f940a6fe66b38d5a91abe09017a463469ebe7bc32d1fb0959169d440b081446aada16e8f571a1bd86ec6b3010a7a9e7ec637c52f698e7054011a90bfa39490334155d7854e35a7b7c56eb3ee8a9d97cc96d4b99c9257443f50ea62b8a465be207642ce536d30363d5c57591d5ded3301c76c86307d89a24a4f5f0c31d0e833e1b6b18ffc831e8353768360efb5c2642e6d6980fb3f4429ae717da9ffa2e11818bb8309b02af3723ed73494cff98170bd133129954a0b49ebf5dac0113159b100ec39bc1356aa67ef4459347637ad98c1dca2", 0x1000}, {&(0x7f0000003540)="f1f4b6bc4ef5e18b698ddf63e331419c0a1ab8b620dc40e9520f9412fc02962ffa0ef11d32167d958c8945437400ae838d014f7b652e5a", 0x37}, {&(0x7f0000003580)="b88742a4231282198c1c96821118d3511e190489099c7b65cce47f27ae553514010d0428e7f6aac1e1b4e5afb56b657be8a9c8cd69b9de84f79cbdc189904968915665b5dbdaae2dd9f7e31772a419caa95c908f984de4dcce87cf8f1a8fe45ff50cffd7cb8749b242c474055dbe4abf4936ff6cfb3e7fd0c4", 0x79}, {&(0x7f0000003600)}], 0x4, &(0x7f0000003840)=[@rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x2c, 0x1, 0x1, [r56, r57, r58, r0, r59, r60, r1]}}, @cred={{0x1c, 0x1, 0x2, {r61, r62, r63}}}, @rights={{0x14, 0x1, 0x1, [r64]}}], 0x80, 0x40080}, {&(0x7f00000038c0)=@abs={0x2, 0x0, 0x4e23}, 0x6e, &(0x7f0000003b80)=[{&(0x7f0000003940)="0ca81ad3cc1b7a7cdd49928fa3a0666473817c369a0e23f2f1661d09f361af63e8f2564ecf8ab1d4e7ddbdeffc9c68c921bd88bda87eda5345f791dbe355dedc6b156e68b69071f637cf322c8ff8362d4b64340148cf65d395d5ffae2998de9674a9147afeba220ee3fbd5eaa2f176584cfe92989969af2ed0f1edcb9fb265ad79b988703392be7a77bb39d922573560e8bd6146afb231194004dd357122cb2304fd9d7aea7cb386d95435d72d1bac46d501e58aa8f3aedc149209464e12", 0xbe}, {&(0x7f0000003a00)="d44c0952b4931f8f16375e4b40383ed2f3b4372174ea173e69bee2eeda862ebbfb939acff6ee534ac15e5127d013bf553ed0a4f32faa3febe2acfdfbf524783ecbce1f05e46aeb2b1f73f5b8a8151d7aa09c3466e8fc6f46615c9107a9", 0x5d}, {&(0x7f0000003a80)="cfaf281a1821d44b6948b957e1f09b435f755380ea85f208ffda598084f9d8c1d74d212ae22d685ba0a111b828b127b2d2a516017847ef1c6ed4f1cef71dfeb2b4aef2af91c89eb6230ffc0806a534d2a04b58d4dadc949982c476884ed6a203f5e9fb2983df8dfd5155fefe5a2a8002b9372566816a2a4f3b39c56afe497ef8859a882c2099756c0b6491f09235610970195e957e0fe2857b64245f9ca91c918412b1e50dd59eeea41e7c1119199eac639d8955404e92a6f4cdaea4a5660ea8125035881c51cd28309eaa8463001fc115be3866bcfd44ce775d351f376f06682a3e2fa42e94ebd20f84c1f10a8a", 0xee}], 0x3, &(0x7f0000003bc0)=[@rights={{0x38, 0x1, 0x1, [r0, r1, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, r1, r1, r65, r66]}}], 0x38, 0x8000}], 0x6, 0x44890) 04:50:59 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c40000005f3f000000000000000000"], 0x38) 04:50:59 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 734.695781] netlink: 'syz-executor.1': attribute type 16 has an invalid length. [ 734.704197] SELinux: ebitmap: truncated map [ 734.720362] SELinux: failed to load policy [ 734.735742] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 734.782375] IPv6: NLM_F_CREATE should be specified when creating new route [ 734.855573] SELinux: ebitmap: truncated map 04:50:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="000000008a768a7a2a372d6cfa2896ef3bf5c4ef14ea4d2e3023f4c2453935bf9191ecc521cc6e340189a9f3b3ac74f6c2e1a63dc1a92cccde95b710ce2744803cf6b6bfb650dc3ec4628a1e79017695c152da55e09bce189dea25920bc1eccd4e8ca1320d690335cdb82f8bbec4a2af78dd685bd26f5dea926fd571289c6082e491e46358b6d5530fe1ad89a8593c7f8c53f92529d07030aadf4ca3ade137f6deec6e17b6c3cacddeed3c184768c4c1f8244f34e7056453668c5197ed548b8c5daa79a4ed765512ef7d0551880401a00764091976d858cced2a11021e25f9255be30ec9b5c1ae8f6ba30c6a6747980e58846982f485917129778377ac11d3c86069df7f501a9141892e8d2d99acb80610507c4b4a4120f47eaff03e2940961d0092ae95193ecc0d39ddb0b770a01619aaaf913bb1017c", 0x5c) fcntl$setstatus(r2, 0x4, 0xa1a3f945407a2941) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') syz_open_dev$usbmon(0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0x10000000000443) [ 734.881286] SELinux: failed to load policy 04:50:59 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x2, 0x0) 04:50:59 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c50000005f3f000000000000000000"], 0x38) 04:50:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 735.043479] SELinux: ebitmap: truncated map 04:50:59 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x4b47, 0x0) 04:50:59 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x8, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x10000000}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000440)='syzkaller\x00', 0x5, 0x90, &(0x7f0000000200)=""/144, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20}, 0x10}, 0x70) [ 735.113559] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 04:50:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 735.191771] SELinux: failed to load policy [ 735.201814] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 735.237476] CPU: 0 PID: 19031 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 735.244454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.253810] Call Trace: [ 735.256509] dump_stack+0x172/0x1f0 [ 735.260151] dump_header+0x15e/0xa55 [ 735.263877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 735.268991] ? ___ratelimit+0x60/0x595 [ 735.272887] ? do_raw_spin_unlock+0x57/0x270 [ 735.277309] oom_kill_process.cold+0x10/0x6ef [ 735.281817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 735.287365] ? task_will_free_mem+0x139/0x6e0 [ 735.291874] ? find_held_lock+0x35/0x130 [ 735.296038] out_of_memory+0x936/0x12d0 [ 735.300040] ? lock_downgrade+0x810/0x810 [ 735.304206] ? oom_killer_disable+0x280/0x280 [ 735.308793] ? find_held_lock+0x35/0x130 [ 735.312878] mem_cgroup_out_of_memory+0x1d2/0x240 [ 735.317736] ? memcg_event_wake+0x230/0x230 [ 735.322071] ? do_raw_spin_unlock+0x57/0x270 [ 735.326494] ? _raw_spin_unlock+0x2d/0x50 [ 735.330654] try_charge+0xef7/0x1480 [ 735.334377] ? find_held_lock+0x35/0x130 [ 735.338454] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 735.343305] ? get_mem_cgroup_from_mm+0x139/0x320 [ 735.348158] ? find_held_lock+0x35/0x130 [ 735.352229] ? get_mem_cgroup_from_mm+0x139/0x320 [ 735.357099] memcg_kmem_charge_memcg+0x7c/0x130 [ 735.361785] ? memcg_kmem_put_cache+0xb0/0xb0 [ 735.366294] ? get_mem_cgroup_from_mm+0x156/0x320 [ 735.371149] memcg_kmem_charge+0x136/0x370 [ 735.375392] __alloc_pages_nodemask+0x3c3/0x750 [ 735.380069] ? __alloc_pages_slowpath+0x2870/0x2870 04:50:59 executing program 4: ioctl$VT_RELDISP(0xffffffffffffffff, 0x5605) r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_coalesce={0x28}}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VIDIOC_ENUMAUDIO(r2, 0xc0345641, &(0x7f00000001c0)={0x1789, "6d8eb02dec307d75d1f183d0e6dc87377a556f9e8f3a99a159408296027c5b9a", 0x0, 0x2}) r3 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x8, 0x48181) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000680)='NET_DM\x00') sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x14, r4, 0x200, 0x70bd29, 0x25dfdbfb, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4004041) sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x2091240}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, r4, 0x1, 0x101, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000000}, 0x43357d25e9359f0b) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000004}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x40808) [ 735.385185] ? lockdep_hardirqs_on+0x415/0x5d0 [ 735.389780] ? trace_hardirqs_on+0x67/0x220 [ 735.394111] ? kasan_check_read+0x11/0x20 [ 735.398276] copy_process.part.0+0x3e0/0x7a30 [ 735.402813] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 735.408197] ? delayacct_end+0x5c/0x100 [ 735.412184] ? __delayacct_freepages_end+0xe0/0x140 [ 735.417203] ? __lock_acquire+0x6ee/0x49c0 [ 735.421456] ? __cleanup_sighand+0x70/0x70 [ 735.425705] ? mark_held_locks+0x100/0x100 [ 735.429974] _do_fork+0x257/0xfd0 [ 735.433442] ? fork_idle+0x1d0/0x1d0 [ 735.437164] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 735.443053] ? kasan_check_read+0x11/0x20 [ 735.447210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 735.451975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 735.456740] ? do_syscall_64+0x26/0x620 [ 735.460726] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.466093] ? do_syscall_64+0x26/0x620 [ 735.470082] __x64_sys_clone+0xbf/0x150 [ 735.474066] do_syscall_64+0xfd/0x620 [ 735.477879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.484031] RIP: 0033:0x45c3d9 04:50:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 735.487230] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 735.506229] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 735.513952] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 735.521235] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 735.528532] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 735.535808] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 735.543091] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 735.550613] net_ratelimit: 8 callbacks suppressed [ 735.550621] protocol 88fb is buggy, dev hsr_slave_0 [ 735.550677] protocol 88fb is buggy, dev hsr_slave_1 [ 735.550774] protocol 88fb is buggy, dev hsr_slave_0 [ 735.550820] protocol 88fb is buggy, dev hsr_slave_1 [ 735.646807] Task in /syz0 killed as a result of limit of /syz0 [ 735.657506] memory: usage 307152kB, limit 307200kB, failcnt 3971 [ 735.664266] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 735.684516] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 735.695018] Memory cgroup stats for /syz0: cache:0KB rss:232020KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232172KB inactive_file:0KB active_file:0KB unevictable:0KB [ 735.725032] Memory cgroup out of memory: Kill process 9497 (syz-executor.0) score 1113 or sacrifice child [ 735.736527] Killed process 9497 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 735.751703] oom_reaper: reaped process 9497 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 735.754588] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 735.775788] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 735.782077] CPU: 0 PID: 19036 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 735.789030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.798386] Call Trace: [ 735.800982] dump_stack+0x172/0x1f0 [ 735.804888] dump_header+0x15e/0xa55 [ 735.808591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 735.813679] ? ___ratelimit+0x60/0x595 [ 735.817551] ? do_raw_spin_unlock+0x57/0x270 [ 735.821951] oom_kill_process.cold+0x10/0x6ef [ 735.826529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 735.832053] ? task_will_free_mem+0x139/0x6e0 [ 735.836556] out_of_memory+0x936/0x12d0 [ 735.840527] ? oom_killer_disable+0x280/0x280 [ 735.845028] ? find_held_lock+0x35/0x130 [ 735.849092] mem_cgroup_out_of_memory+0x1d2/0x240 [ 735.853922] ? memcg_event_wake+0x230/0x230 [ 735.858232] ? do_raw_spin_unlock+0x57/0x270 [ 735.862663] ? _raw_spin_unlock+0x2d/0x50 [ 735.866805] try_charge+0xc4e/0x1480 [ 735.870516] ? find_held_lock+0x35/0x130 [ 735.874731] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 735.879591] ? get_mem_cgroup_from_mm+0x139/0x320 [ 735.884426] ? find_held_lock+0x35/0x130 [ 735.888475] ? get_mem_cgroup_from_mm+0x139/0x320 [ 735.893319] memcg_kmem_charge_memcg+0x7c/0x130 [ 735.897977] ? memcg_kmem_put_cache+0xb0/0xb0 [ 735.902469] ? get_mem_cgroup_from_mm+0x156/0x320 [ 735.907307] memcg_kmem_charge+0x136/0x370 [ 735.911549] __alloc_pages_nodemask+0x3c3/0x750 [ 735.918930] ? __alloc_pages_slowpath+0x2870/0x2870 [ 735.923942] ? lockdep_hardirqs_on+0x415/0x5d0 [ 735.928511] ? trace_hardirqs_on+0x67/0x220 [ 735.932820] ? kasan_check_read+0x11/0x20 [ 735.936957] copy_process.part.0+0x3e0/0x7a30 [ 735.941440] ? mark_held_locks+0x100/0x100 [ 735.945670] ? __might_fault+0x12b/0x1e0 [ 735.949745] ? __cleanup_sighand+0x70/0x70 [ 735.953975] ? lock_downgrade+0x810/0x810 [ 735.958114] _do_fork+0x257/0xfd0 [ 735.961561] ? fork_idle+0x1d0/0x1d0 [ 735.965266] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 735.970007] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 735.974758] ? do_syscall_64+0x26/0x620 [ 735.978715] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.984062] ? do_syscall_64+0x26/0x620 [ 735.988742] __x64_sys_clone+0xbf/0x150 [ 735.992717] do_syscall_64+0xfd/0x620 [ 735.996678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 736.001854] RIP: 0033:0x459a09 [ 736.005032] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 736.023920] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 736.031629] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 736.038897] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 736.046241] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 736.053668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 736.060921] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 736.069441] Task in /syz0 killed as a result of limit of /syz0 [ 736.075471] memory: usage 304888kB, limit 307200kB, failcnt 3972 [ 736.081767] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 736.088622] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 736.094762] Memory cgroup stats for /syz0: cache:0KB rss:229984KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230028KB inactive_file:0KB active_file:0KB unevictable:0KB [ 736.115753] Memory cgroup out of memory: Kill process 9527 (syz-executor.0) score 1113 or sacrifice child [ 736.125632] Killed process 9527 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 736.137922] oom_reaper: reaped process 9527 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 736.307208] protocol 88fb is buggy, dev hsr_slave_0 [ 736.312475] protocol 88fb is buggy, dev hsr_slave_1 [ 736.317185] protocol 88fb is buggy, dev hsr_slave_0 [ 736.322600] protocol 88fb is buggy, dev hsr_slave_1 [ 737.587242] protocol 88fb is buggy, dev hsr_slave_0 [ 737.592399] protocol 88fb is buggy, dev hsr_slave_1 04:51:02 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x7fffffff, 0x400000) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0xff, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) write$binfmt_elf64(r2, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x60b6, 0x0, 0xffff, 0x645b, 0x1, 0x3, 0x803, 0x225, 0x40, 0x74, 0x600, 0x9, 0x38, 0x2, 0x2, 0x9, 0xf9c}, [{0x9737fe78df36dd0c, 0x3, 0x8, 0x8, 0x6, 0xe6, 0x4, 0x6}], "f388057546552da9825cc68b721a827edd47d837087b372824a382d08c53beceaad06eb47ac3aee68005d0ec2e83e5cbd024713527a87093cddd3f610aa56dc1e4c7de8afd33a4c54cb1ddb863e6c061d10375ee6ecbc45dab0b0b8204c0d35c1384d90f4ded", [[], [], [], []]}, 0x4de) ioctl(r1, 0x201000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") syz_mount_image$xfs(&(0x7f0000000100)='xfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x2, &(0x7f0000000800)=[{0x0, 0x0, 0x8000}, {&(0x7f0000000580)="9a6f60df17853a3b469301cb2ce6130d151a7ddeb77395329e433ca80a68d66e2308685f390338ec1d8cbfd67bb5c872a2ed3db29b19ed6d208911be5ab8615e9c553883d72895fec1230752465d37619cf4e1952d30a407250cef5ede77d67ffdea560b58550e9d5be644ec2e2258c267d0dfd4fa1ef6578ba040a60accbe5e5dc625ebcf1f926fe205214bcdfb02a0d9b96da357b5a38bbd2b148a1e61cb9e4d828e9da8c3c5dcc780cc", 0xab, 0x7}], 0x0, 0x0) 04:51:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$can_raw(0x1d, 0x3, 0x1) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x3f) bind$can_raw(r1, &(0x7f0000000200), 0x10) setsockopt(r1, 0x65, 0x1, &(0x7f0000000000)="000000006ddcb540", 0x8) 04:51:02 executing program 1: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x160, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000040)="2e360f2b99dc00660f71e0ff0f01c80fe0b41e002e0f01cb0f01cfba4000b860bdef0f58bd00000f01b100000f0118", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/load\x00', 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000000)=@generic={0x1, 0x6}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 04:51:02 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x4b49, 0x0) 04:51:02 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:02 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c60000005f3f000000000000000000"], 0x38) [ 737.726826] SELinux: ebitmap: truncated map 04:51:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001091902efff07000000068100025b0509000200010100ff3fff58", 0x1f}], 0x1) accept4$netrom(r0, &(0x7f0000000100)={{0x3, @rose}, [@netrom, @bcast, @netrom, @netrom, @rose, @netrom, @bcast, @default]}, &(0x7f00000000c0)=0x42, 0xc0800) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x40000) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000000180)=""/4096, &(0x7f0000000000)=""/51, &(0x7f0000001180)=""/252, 0x100000}) sendmsg$alg(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000080)="80e54d7fd88851522ee360bcf66c", 0xe}, {&(0x7f0000001280)="1dbaac6f2d68f0877f44f56e7ee46753bb6625066d33494dfa07182e92328a65e9479c9198560ef39ff521ddd1cc4d93f3b04dadc56ec94ccd0d1e84be488801e4a32cf6e4312afcb3de8a8c200e4a94f3cdefb59e31c99ed640c5124236465e0424ce3951e4a23ad75d87f3edffa4845aec584837e93ea2845e0a73c8e8c22a59fbd60c341f76b440170a6b94f4cc53c3ddb57dd56a4d6a15e94398c789c88e030fcdf72e1231e92ee699044634dca16b2e93946337ea15f5e2db767991e45681866bf1cd70a90b916128", 0xcb}, {&(0x7f0000001380)="17340bb9ff20e9eb1b66f05a6d1916c79cf88457a883a1acedebb0e7ef3e745256b91961470fd2a51db0bc640e4a2c5a2c95b1fca01173ec1c8a79f0ade6076294d9e4e019e52735b4540d9c25722bc015723b4877b2d2a56087e2d4dda5f901fe99bdeeb80a204983fb231c6af2cf559d33707ae8c802340c598766af77c540df8b7e403da8f174d1bc9cb6e8cd79d3396b08f12eeba0c60dfd617a3f5d6ea9218edb18919053b45cd96103cda60a0499", 0xb1}, {&(0x7f0000001440)="7c4a51be08f3ab1f1628f8100964ad4c2b1037b7e1b9392b22b2af3e51ab2bf82d7fe9910534e7ab797bb9308e883f050aa0d9e4e8caaec65debf6434cb45179642616a865ace01e9600d62fcf4b3924787e0d8417e84bafa08c221593974560824080d44051af3059815c1975b8da48b0e0d0b669b874c89b51aa1c7496abced5c867636acebf4a112a613b2cf55bc50b2c3c091a68ce15f3311a365b900fd346c753547d9d2a509ad16aaf54d61616ede90b9a384030f90c7061223c6e3980478ddca105e5aacc450e13ddd68381", 0xcf}, {&(0x7f0000001540)="195563f0ba445c1cf23b0cfd452aaf6a11e2fc5000922567b1e026f5d12ef79c1fea14070579a9d290f90e0bd677aa2ae661a7fcce83e19f7258988cc8637d42b81b0ad501c9a4d5708112ed07da420f4262b39597c4b842c1f9d245791baecbb0b22fdc75acbebbb2008f92ad0d3e5b", 0x70}, {&(0x7f00000015c0)="c02736b94aeb9bc7a7a0aac19c0f554bea0aeb915ee8985929470f30ad9e83", 0x1f}], 0x6, &(0x7f0000001680)=[@assoc={0x18, 0x117, 0x4, 0x3}, @assoc={0x18, 0x117, 0x4, 0x8}, @op={0x18, 0x117, 0x3, 0x1}], 0x48, 0x8080}, 0x480d0) 04:51:02 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c70000005f3f000000000000000000"], 0x38) [ 737.767910] SELinux: failed to load policy 04:51:02 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x541b, 0x0) 04:51:02 executing program 5: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x2010, 0xffffffffffffffff, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="953d4e7c229b4f78ccb1beda948e7f9272f80808f415aab2e0e981a872e95a6e9486e5d44d97fa42cda94ea3c4f4d2e53240219ebd1662eda4e8c100a258beb08e7e457def23f31c91adf772d2eb928f3af04f76"], 0x54) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x2, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xfffffffffffffff9) 04:51:02 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 737.939981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2305 sclass=netlink_route_socket pig=19092 comm=syz-executor.4 04:51:02 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5421, 0x0) 04:51:02 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c80000005f3f000000000000000000"], 0x38) [ 737.994536] SELinux: ebitmap: truncated map [ 738.006377] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2305 sclass=netlink_route_socket pig=19092 comm=syz-executor.4 [ 738.031476] SELinux: failed to load policy 04:51:02 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x5) ioctl$TIOCSSERIAL(r3, 0x541f, &(0x7f0000000240)={0x7f, 0x76, 0x3f, 0xffffffffffffff88, 0x9, 0x80, 0x800, 0x4, 0x80, 0x8001, 0x1, 0x81, 0xd82, 0x1f, &(0x7f0000000140)=""/81, 0x6, 0xb29, 0x4}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$ax25_int(r2, 0x101, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x200004) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r7, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r8, @ANYBLOB="2c747970653da0"]) fchownat(r4, &(0x7f0000000300)='./bus\x00', r7, r8, 0x1400) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) ioctl$VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x3) setsockopt$inet_sctp6_SCTP_RTOINFO(r10, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x6}, 0x10) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) r13 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r13, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r13, 0x0) fsetxattr$security_smack_entry(r13, &(0x7f00000001c0)='security.SMACK64IPIN\x00', &(0x7f00000002c0)='/dev/dri/card#\x00', 0xf, 0x2) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) ioctl$FIONREAD(r12, 0x541b, &(0x7f0000000040)) sendfile(r5, r4, 0x0, 0x80001d00c0d0) [ 738.138808] SELinux: ebitmap: truncated map [ 738.184279] SELinux: failed to load policy 04:51:02 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400300) r1 = socket$inet(0x10, 0x3, 0x6) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000400)="24000000230007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 04:51:02 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:02 executing program 4: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) write$P9_RXATTRCREATE(r1, &(0x7f0000000040)={0x7, 0x21, 0x6}, 0xffffffa6) ioctl$VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x1) 04:51:02 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5450, 0x0) 04:51:02 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500c90000005f3f000000000000000000"], 0x38) 04:51:02 executing program 5: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000780), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x1, {0x7, 0x1e, 0x0, 0x424193ac7601d160}}, 0x50) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) utimes(&(0x7f00000000c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) 04:51:02 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5451, 0x0) 04:51:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012000c000100626f6e64000000001400020010000800090000007f00000100000000"], 0x44}}, 0x0) [ 738.550240] SELinux: ebitmap: truncated map [ 738.554842] SELinux: failed to load policy [ 738.583966] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 04:51:03 executing program 5: r0 = socket$kcm(0xa, 0x2, 0x73) r1 = socket$inet(0x2, 0xc, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000003c0)=0x5, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='gre0\x00', 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) r2 = socket$kcm(0xa, 0x2, 0x73) r3 = gettid() r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r5, 0xc0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x3ff, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x9, 0x4}, 0x0, 0x0, &(0x7f00000001c0)={0xffff, 0x8, 0x1, 0xb012}, &(0x7f0000000200)=0xaa48, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=0x8}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r3, 0xffffffffffffffff, 0x0, 0x34, &(0x7f0000000100)='ppp1keyringprocwlan0nodev\x97procppp0security.\\vmnet1]\x00', r6}, 0x30) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='ip6tnl0\x00', 0x10) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x30) close(r2) 04:51:03 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r0, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000000)=@buf) 04:51:03 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ca0000005f3f000000000000000000"], 0x38) 04:51:03 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:03 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5452, 0x0) [ 738.824199] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19158 comm=syz-executor.4 [ 738.829894] SELinux: ebitmap: truncated map [ 738.872470] SELinux: failed to load policy 04:51:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000007ef8ef50e4f65b2fdff7bff0000000000000000e1ffff07"], 0x14}}, 0x0) 04:51:03 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500cb0000005f3f000000000000000000"], 0x38) 04:51:03 executing program 5: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_OKEY={0x8}], @gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x44}}, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/qat_adf_ctl\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="62be48628ea254cdd1bffa60e9319a637c749e3aae6dfbc1db9a2595d6feac6df8d53f10f0032100b2a96bf4cd2f3cc548a01defe3b69ceb9b4d0c8fc1806c0607d8fb199264bb2afc89f015a6bf5577057db557f489bad38eddf5e06cf7c4475d2f972893b244bffa69e4ef11f989172baeb9f71832b8a1a138214b", 0x7c}, {&(0x7f00000001c0)="2abd57415240752e9c9767c6e67a7581ee53b6feb179f4a0337ba09700c416cea054561239ee2f6ea265566f58bfe88761d6be7ac7d05d45e882ba0d6b2bceaf7115ba9d9999ae577dbfc277193b3d689817c9fea14d85c9b13b1ecfe072f2bc6138351bef6116f44201c37a1f56711790b95b665878e80e90eb550769ba19969a00a6e9dc187d880bb297904054e129824ae526f88ca77dabf2bab286a581b26f3a3dd3410c0c90a10eabecb0b72cb0ab5d5fae90379274b29d86785973eb80c30e9ffc4dbc420f41936f01caa1a3e49d75", 0xd2}], 0x2, &(0x7f00000017c0)=ANY=[@ANYBLOB="18000000000000001701000003000000030000000000000018000000000000001701000004000000ff03000000000000580000000000000017010000020000003d000000e096bda52962084f30f3a8123796cdc842fd36ef73c44641a8310ac1cb10abda7cb6c31e7ae04721fbd503edeb5b8c67740aa23a7d0be4a6ddfcaca00d0000000000000018100000000000001701000002000000001000009b35e6e01226b8bb4b7d69c94719c7161f823811937a661f34e0e9abf8dd3e3ef5d17dd94a0e2cfcc8707944b95ed9058159fec9855e8af0a79e8d715d714b141ca5559043f0f32d563d94feba959f81e713b2f060bd78ae64ca93bfca352ae408de4d87cb4e34fc9154f9657a0698338b9fe75c92519732e1db02e3b2b77e9120b20564fe49907e53f2d33d5822e98713fbd7b9e42c002f3259b2df50c13b290351f56f18e9dd63551dff2d66f4550348fd4c4bf2a61f465cbdb5ee6849642e1170a62cf19da047cf4af1a852a5f074d7052b93a4d5cf01247003981659968071adf2031fb0898ee2c521ed7767fc47278946849ee6e64ffaf6ef9551a78589f0652048f9d382ea239353a029c760a3ee911652d8d66e15eae2a6fd7b8cd8c1800472490b1d9192ceedd801deb07fdf77161d1c411c39e95309c3babae8fb706c473f793e074cdea6a54f0765fea5c6b4b4a61aa6119048846876822d283804d8566b71d8e81e4e6ddf91641c101ead9e154a79567bc04ab72fed9214d18457f603b82399fae9aefcdf7d4f687b68b9b0ef937756bbabc9b36ee235534d64ea4b8e1a2d2bfcbcb98a98b22bc75e51267f0abbb088af84de093ffa18abef00079ad93ea02c1b29692c82b64196e5f456e9c3f64caea40cda84a38cfdb5e346ff20c4b5e3bf55802d60d2003b2b8b0c3407ea0765efa074972edf13dd2f86a88fb62953e72882845ba25abbe32caff9fbcf34242385c32d2ea11e78fccfc205413aab363fb4e0269e0892f5de9349541abfb7f3e60e525f39c4d8afa312898afc963a3598fd893e34be57f7af154750707b0e81bc8423ad2ada53455d947b0f40fb9a94b8405fccdcc6ee32be9bf53e57861168feec3f08522f568b8a415b4e137f1cef9487827788ba3073a7f1edd605b1f4cc3d8224eb904c8950dac1b38f855f0580d6674ae80106476c9ccaf3cf4cfefe7f7beaa3aa21841e577d60f2435905cc9187ffbdab163203a4751e43238ca68235d0f1c34e0a452e6668f814771509ee28f5963f2260cc58e0e4209e6a5afaf87e9a0fbf84b38612b251fc67b40f85fc591f4fcd03c9b52e0c7ad2858af18d0374468e48c8e1195749242d90de0a6c766116c1260afc7993c6caa1bf37dd46653fdb1484e24a0f0c2b0c372ac9c5c8b1bb129697e042ffe5c6260a0ed1b285dcbed37ee3d8392aaded49569bd041d59c577b8f070ed1bd2ef36e25f51ffed112ed6c8faf75b7bf6cebad4a74b6bf5cf95b741c7ed1d7400758693ac03bc52a9c3930b1c06bcb927eeb2e8fed5e434df16e0b45cf0392369c90b6d9667a4439051f27e7f8936d6a7dca9ac402f8a7a36970576409f217011682748d7ea0e26f4f46e802bf0762452096b847a29b198f5fa6cfcbdb724aeac27ecee461ce27049c657eb04108d5cfae8d34318489b5e91526a996cc790f4b393e7ab04d8d331a40ade1ced3ab0c09b046b86ad28c25cacba3a061b8b2f563d099df0922e7c7ce63c210bace018f9f05917bade8be58a1fc48fe3095b1421d10475797445ed0afcf17aab20b2f0f2113c2f6adb39d88dbd9c4e655033f7b93e69119f94f979f75fabfdd3fbd36b0ef352ac2312a3659aa0851a14db64e7e49b54a7ff79f8e76764fdf69c67cb895afefaa6af3c4bcd1ff5f3436b9eff42a228a2d0075df5ed951cfadf32ef2f9dee57cfa2531e8a775dfcebe6086b4d5595b9c3c668f035a7fb80c685c966d5b216e8ca0c4cfdc921fff5ee4cd6a7a48c293b9c788a61ea84c0e5b9c28f4b66cbed43a9d408274e72e2d8572cdc999420f1d3c4a582701d187b46891104d41eefd2da3b69e6cf3a79300abc7ac9e79eade0fad2665fb8d5e33a7ff9c9564b0c2f723ca3992f48037f0b6f658594fdc2ecde87feab11a1842b850209658beb5483855cf6144be4b53e4cd08ef6778b6d5e53d2e8d947b37a42b8b32c1a0291a5b109edf8d6398be364f1f532f1ee459d3dd0abfaad75a03168d68f5518f017888a6eb483ffc8ed61080034abaaf43b600cc8269087dbfe9e366262f005d8a75c182aac164572832627600a7beb87a7615b579c57742adbe33b31a92291fd80fd4849b46203475a94a3dfa3cc4b60cd8eb1f1a51e77888cc3b4e0ffc6b94c6474a87da46c2b678148084db68459b29c6f6da840aa2bdbc398f958ed646da407ee856750461f53e7c67e1f7f748a25b64f076a7fcb921344dac5ac55c06ac8de7d70f5a20a874f024bff6194059f013b018441c0cd617e34694ca6ca6dc2ffea6666d0796a7ee924ece6770d6faacb9a2981ef4c2a83b8c1b75099a58b2fd7c75b41c36a3ce2cce76c92d2537c49471934911914c7e6e257beabe3a23c3de9684e6f867085c6ef62ef0810be113482a6cbc14e1919f2866d9e6cb4e04da59b5d431aeb540c2a97907e814fbd7721e6ed2cc58c60891132740dd158130b6e0cb3d6cc268164d521c72a588b75a0dbd056a29cdd432e6952e35868afb30ecb3ec379b1c4a51aa9181d96e89045d7ab54910c6412669bd3906577d470194fdf48bd431ea9f41dca11cf16f4885820068646e7e5d35d4ddb2c4eb6f95d4f0d52d1e568a225f4e7298eff3ae320f9ab56248c94d6712b59f6180598156637561c77db374e721af2cd576c713fe44b4686fe9c62e0c8bb0e3b54a2f76c21ddc95cee756e21b92dbf1d5c1ffe93ea2dd68cf3ac7cedb1d072a82945f87166e1435f2372832b60539df7f1aec2889382502d38cbce9e285c63b046e93c35532cdd8371264ffb1941882551fbf3236a87dd2c2d9a0854bc7f8f912c91060a6ca4310c8edcf168ba41aed5f1c16a755cb5715f40f59d2e7fa0d42d8a23bc5d4a79cb4e09a1029d4a52e36fc6c3fb689d5b5e03069ed031d8652ce697b653f94b805bb052b0a9370028ac0e56c68ce7eeebf4c786ba189aaaf16838a604fa58adaaea2d97838f21aa45608535b0f296ad298a7e1060976a57346c7fa642b42be2f7a2f7baa935027add56c187501de5cbea8118b8e738ef8f2c36ce90e055ca2d58a8ea9edd11ca410eca52132b1116eba667ef133d8cc8a184bfc25226d5aae9aa989f5b711d729fbc67b1ba75355a156c80448a2506d4fc2dc50c2c5aeb7942f14550179f22af1792cb4ce523dfa332b2c7a91d9ab82f4743c540f7194c8cc8f5a7b4f388dbdbbef9624c789933e85de8fd8825c37e1a8d7228812db07d5e1788e35ac78f55139ef567c390793bdd0b5bbe5df4d57240a6644579cd5530a058eaf0e96049b9cb95d48fc487163793a6c2b2329d7f8635979949ee725497d4faea59f17b6d763f2c1fc689ffc05d85de5e76ba743a206c64c8aec3788e299249bbf4c9418a126c0f61ed849d4d3b4471ca930788c71d476916b0f726ff248dff0bb9d9c5fbf5e2d39ce6588db7e4ee224d5f3f3176c2f5278ee9f690da246e65f90949d47befa2bd88be4ec18d0a069494f0cd2be0478e9de9b28fc7428a9b917b89081fc16378efeefb1c789d9acfc4898833ec7a7feb5a15de2fefec9001810c0fb62e7bcc715cf6512150e5ad26ba9f72ab5160669dbc21a18b82711aaad9913810faa8fede7e2b7a2a2ff03900d077b61c16861d8d6ff2b5bebcccbe8ef9e8df2f8434c08b823e89a765c078ab2826072e8378ae764b1575bc659d109447e7cf411f9ee83077466f4bbfecc9e49a6c499af7088bf5d0003d50bdbc2da80fa9ac805b76c76abf5838659763f6b6fd97cefb6821cbead13c58753ae14676d4cd7ae5b831fe1d60151507bdb3e71379e3d34083de9690d43bd58c5d880092890c6af6c2c0a86d3a98041fb79370c197f06729aa7bd636e72a08649175a8fcfe378cbb6650f2c26bf4ab39dfe5285686229441ef58a0f2a516ad8c0cce67b8187d7417110e44b0fa2467f14af0f37ba7f8fb22f3ab446df61cc8a348269096c1533ece1c6ed2f65a13e36c00c7db301759e5c245f18deb0c333796750b697bf215c7cdab492525103b3faae28c6ff131c191fcca4c6417cf577f70b0b24d4190dfdafaa76f446d6fad51fe55a9757e8d356fe5148db965b2afc79cfc2d3ae17d7dc7012a4c2c1afb47c3cdc9e99928f3be079155cdb77dcf04c205cac8144fa1fe812f4521ed51cf5100df8b6284fd49870018653e6795b6b9f3976c4588d1fdd3e54eae0a1db2b0aab5d55cab1deef10fc6ef20e32d1d35d95b7cadd135ca7d8cb9b8a3cce7e598c4ae95a1ccba1ab7814f157273a85bd91cfbd23904732762400c6a3de53b749f8b6f3b33f1ac8a0577aca59dd3f36c3fd42b08db6f6f6964a132cf9ed35e01f6b45b9a30523d252bc2106abe63fd70e01ca3baae8b636caba051f593a97a6dc9f75fa0341fdb2e057a59a4482b248f4aee5b1f87728df0fd4187b07886bdb11e2078d0665dd907e1137b3c6b1e0d009f1138e46f60444f1fb5466a9e035c27812cc9f78d252e1b592399dd9737d99c1da106709a88689311d2ed8bc6265949ac58ac37c643733c65a91d14a7e3982867350d666cac06ccd508d81fb74d7ededc25f5b384363a234e477edc5739fffdc2edfb73817a531d889d801265f85ddc656e4ee2e0a49823624c8821da7fb7b911e149d976e8438ee83276f75760910860fe24a9861017ed0b35809038d4861fa06517ccc344843596707e7f7646313df443f3d2ac4c30f759dbdaed4b750a353bff18ed0fd94f2b6cb87d86bba13659759b46739fd6d1e99f3fe2415e349c1f8477835c6eabc7f39b79916aa28cdc2ea3b2efa6108afe35e9e8647b6bbce4b3cdd6c3c10706e4aa5b1fe197ab4e145724827d39ac4aa05b98f5878c6c1bee586ab8b33f02e6a1202120f14516bc6ce9c74d5be90d0a799a54a3dfa7c82a3e28a12bc95cea1385141c40a3c483ec5107c5c933630fd22a83f244fdec9d70a3218ea3b2e1d0cf27a7a1054899288344eb4586bbc55d2aa346db802ed5e01d761cd1376409baf4e43a11f36bcd43b7d1770a12c0d54c0bd58d15e85adc25bf0657b2648590ff1ef215c0f0743e9a569736ba663a7477d12375355d6f9f62935377175fc0a1b3d206be8403847eba235aa309da94bab9c9e406bcabdde00a540d1f76616d8f8802fe34299b9a202689b92baaf3b2c75e0b35dd7b482f3f3ea5e91c02cebbbb057ff452e72cb7f34eb9cedb6819710423342c106c6b7aa00b98cef473c83d2bb51fb74c0bfafb1b35e689b85fba58f74eee14a6aa7ac539604b4ba7d8226ce36b9afb66ebdc64483e85eb4c491a0c3fbac31b6627978d1ed280fce018fead92d354213a4948bf8bfff9a8344e489b30170eda80cb3ae2efd0f21f529c5c07464db5bdc529b91bf50c496722658d6f3a5d2e3159e33f0803b0dbe048bc17892d7142c8ba95fdf80219a49dd27db81809c72932405d3fdcdb789a545a24b5d9cbeecafebc12c57fc597b07fb8d55632a1464c0578fb1c355efe61dc6c8443b41ba2fd58dc3923932550ab6c6e0d9b1af39f9ff00969ba3bd2f4aca95990c2b0760bd240cc4de9c795757fd3ed5ff6a167f746774e3eb209f36858fefada710670dd725f88d8d9f2364141f2349fba4bcd029709468bee3c495fd2061e2fd316c79316e1b0203be577b64c79ff5ab7c87d7e59d0e55f4057c0052349a9231ceb0336af6d6686192f285cf6e81162962859ed73bfca3fc0c52ba7de4202fd0177ae26b82f0ba1bc8009ac3debe6afe8450440c7501278f960e42f3a62084e3eea594dd2324d9a86f39bf001e3b601ef7a890f9bc6bb0f83ea9572ccc61c763099f8c8fed0d355a5c"], 0x10a0, 0x20000000}, 0x6804) r2 = socket(0x10, 0x80002, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) getsockopt$netrom_NETROM_IDLE(r4, 0x103, 0x7, &(0x7f0000000400)=0x400, &(0x7f0000000440)=0x4) sendmmsg$alg(r2, &(0x7f0000000080), 0x492492492492751, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x23, &(0x7f0000000300)=0x8, 0x4) 04:51:03 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/status\x00', 0x0, 0x0) ioctl$KDENABIO(r2, 0x4b36) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000080)='./file1\x00', 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r4, 0x12, 0x2, &(0x7f0000000240)=""/163, &(0x7f00000000c0)=0xa3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$VIDIOC_S_PARM(r4, 0xc0cc5616, &(0x7f0000000140)={0x9, @raw_data="52c26204e79f1506088a967a2578378797c87f0eabeb8f9abd06bdd9d6558de6e4b7bdd2fbff54c0c3570bfabeaa3cdd9bc528728391bf1526be7de607c3ad29236a863db4bcc15507df4a73a4743de09f501fa8e164a84e2f9def553286fb60aaa7f382455a3398089ca9087470b5b0fca67fcfffb65a41f61482df6948322d63bb384e96d308fc07bd091a4e54757de48d3110ad2ce5b412d92495c23ccfc49d77efb3b9d0eca9cbd9b4c21b49d5a9dc37a3f6904b75f89bb46fd44bed1b014d0e4939de139572"}) dup2(r0, r1) 04:51:03 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5460, 0x0) 04:51:03 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:03 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x54c9, 0x0) [ 739.137798] audit: type=1804 audit(1569214263.522:5135): pid=19184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir227841956/syzkaller.iaiIf3/677/file1" dev="sda1" ino=16820 res=1 04:51:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1100008912, &(0x7f0000000040)="11dca50d810bcfe47bf070") r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x40000) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000080)) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r3 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000380)='/dev/loop#\x00', 0xda, 0x81) r4 = dup3(r3, r2, 0x0) syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x7f, 0x4800) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r5, r4, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r5}, 0xc) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="08010000", @ANYRES16=0x0, @ANYBLOB="08402dbd7000ffdbdf250200000008fd9336c31805c4250a8a1e869dc930c533f7b9b09502000000000000000ec52cbe2c5fe6dd123a4982d99a9936edea2b45df40f250990077feec665ea9b60cf002d5b7de94434c49ebca2425c71ab5d80badfb036888ea74aa802206a2400000100929dc1972a79446488ab8b6fe8cff7d4d0000000000000000", @ANYRES32=r5, @ANYBLOB="ec00020038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000100000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400929a000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000600000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004009c00000008000600", @ANYRES32=0x0], 0x108}, 0x1, 0x0, 0x0, 0x800}, 0x80) [ 739.211230] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 04:51:03 executing program 4: gettid() r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000540)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e22, 0x8f15, @rand_addr="b60c4dcabb3c2b565b507643e0fe7d3d", 0xffffffff}}, 0x3, 0x0, 0x20, 0x5, 0x20}, &(0x7f0000000640)=0x98) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000680)={r1, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x400, 0x8001, 0x7fff, 0x8}, &(0x7f0000000740)=0x98) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x84000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000780)={@remote, @dev={0xac, 0x14, 0x14, 0x17}, @multicast2}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r4, 0x0) syz_mount_image$reiserfs(&(0x7f0000000040)='reiserfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x6, &(0x7f0000000400)=[{&(0x7f0000000100)="dd7c710a02f5a2d2043554f5e023cb636c135927d710787f", 0x18, 0xfffffffffffffff8}, {&(0x7f0000000140)="9d7deabd9fbb5e9c97042520fb7c3b54f2795d78c7de80253ea4c30f7908c63572d7219fbf600a4974982db2cf649a1aff62315879cf12f4f942ef78715bd3190d8b3a7e8bab6779adbe889cc55dc2326f97e5b7d693192fd065d7c0764b21a22752f4f10ccd090f04b81aafcd5129664dc6cc5aee84f4d34a0c82f4eefc56da1e6f3021ebd8bae00487454d25e8d28d6da2", 0x92, 0x6}, {&(0x7f0000000200)="0fe4ed143e3d5749fbc0c61f", 0xc, 0x4}, {&(0x7f0000000240)="4a5eeb4b49323c108dffdb2ff6c8dfd519588a37dd2551a851d0385f2a4980718fbb25251d8636cf57b74d2081a2155d801455c00d84d8fcd6a42a0bb73129941e304b5cc923a940d14444458fc0f5fbbbb6abce50433af0b852498933d2d9539878386595b9b1eb46a76845a5be2c3f1b2e9069cd8c8de9fe3cb37887469f383e06e143c6be6374622164f1e8899e363d", 0x91, 0x9bf}, {&(0x7f0000000300)="df89dcad7e2e35aa6e9b711f36497d6379027e4bf3d15781dcab75817cfe059cc08f7bfd7ef3312866d57b175b930bbecbc50e218f18c5cedb8ba76bab0e2cd538f35bb291de5189601ad0dac8df5b003b37204deacef147fd22520e7b62d9ec546750da01971da79f7b29248257cee21d4fe6594f53793a9fbfb0219dbf0f895bdb7cf1af3eed4c74adeaee1f4083f23017f34c4a447d406ff3301306fbaddd6cf69ab012efe9a0ad2886260b1fdd091f4ca4329fd3e975a016e21f2b", 0xbd, 0x3}, {&(0x7f00000003c0)="0da5d995b392f2cf", 0x8, 0xb907b28}], 0x2020, &(0x7f00000004c0)={[{@noacl='noacl'}, {@hash_tea='hash=tea'}, {@hash_tea='hash=tea'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}, {@usrjquota='usrjquota'}, {@barrier_none='\xca\xcf\x97Z!\xfa\x16\xfc\x00'}, {@acl='acl'}, {@balloc_hashed_reloc='block-allocator=hashed_relocation'}], [{@fowner_gt={'fowner>', r4}}]}) read$char_usb(r0, &(0x7f00000007c0)=""/207, 0xcf) futex(&(0x7f0000000080), 0x18b, 0x0, 0x0, 0x0, 0x0) 04:51:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000107, 0x6031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='ns\x00') r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000180)={0x2, 0xffffffffffffffff, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)}, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$inet(0x2, 0x2, 0x0) fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) fstat(r5, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) fstat(r7, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r8) bind$rds(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0xffffffffffffffff, @loopback}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)}, 0x0) fstat(0xffffffffffffffff, 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000280)={{}, {0x1, 0xa}, [{0x2, 0x7, r2}], {0x4, 0x4}, [{0x8, 0xd, r4}, {0x8, 0x0, r6}, {0x8, 0x2}, {0x8, 0x4}], {}, {0x20, 0x4}}, 0x4c, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, &(0x7f0000000040)) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r10, 0x54a2) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2000000000002) syz_open_dev$sndtimer(0x0, 0x0, 0xa2a4c225cd30e6f4) [ 739.269937] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 739.315037] CPU: 1 PID: 19180 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 739.322018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.331380] Call Trace: [ 739.334001] dump_stack+0x172/0x1f0 [ 739.337649] dump_header+0x15e/0xa55 [ 739.341381] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 739.346505] ? ___ratelimit+0x60/0x595 [ 739.350407] ? do_raw_spin_unlock+0x57/0x270 [ 739.354842] oom_kill_process.cold+0x10/0x6ef [ 739.359357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 739.364911] ? task_will_free_mem+0x139/0x6e0 [ 739.369432] out_of_memory+0x936/0x12d0 [ 739.373419] ? lock_downgrade+0x810/0x810 [ 739.377592] ? oom_killer_disable+0x280/0x280 [ 739.382099] ? find_held_lock+0x35/0x130 [ 739.386186] mem_cgroup_out_of_memory+0x1d2/0x240 [ 739.391056] ? memcg_event_wake+0x230/0x230 [ 739.395397] ? do_raw_spin_unlock+0x57/0x270 [ 739.399858] ? _raw_spin_unlock+0x2d/0x50 [ 739.404024] try_charge+0xef7/0x1480 [ 739.407750] ? find_held_lock+0x35/0x130 [ 739.411831] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 739.416724] ? kasan_check_read+0x11/0x20 [ 739.420916] ? get_mem_cgroup_from_mm+0x156/0x320 [ 739.425782] mem_cgroup_try_charge+0x259/0x6b0 [ 739.430564] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 739.435513] wp_page_copy+0x430/0x16a0 [ 739.439414] ? clock_was_set_work+0x30/0x30 [ 739.443743] ? pmd_pfn+0x1d0/0x1d0 [ 739.447322] ? kasan_check_read+0x11/0x20 [ 739.451474] ? do_raw_spin_unlock+0x57/0x270 [ 739.455911] do_wp_page+0x57d/0x10b0 [ 739.459644] ? lock_acquire+0x16f/0x3f0 [ 739.463659] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 739.468347] ? kasan_check_write+0x14/0x20 [ 739.472609] ? do_raw_spin_lock+0xc8/0x240 [ 739.477064] __handle_mm_fault+0x2305/0x3f80 [ 739.481505] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 739.486566] ? count_memcg_event_mm+0x2b1/0x4d0 [ 739.491264] handle_mm_fault+0x1b5/0x690 [ 739.495434] __do_page_fault+0x62a/0xe90 [ 739.499509] ? vmalloc_fault+0x740/0x740 [ 739.503581] ? trace_hardirqs_off_caller+0x65/0x220 [ 739.508604] ? trace_hardirqs_on_caller+0x6a/0x220 [ 739.513554] ? page_fault+0x8/0x30 [ 739.517107] do_page_fault+0x71/0x57d [ 739.520924] ? page_fault+0x8/0x30 [ 739.524474] page_fault+0x1e/0x30 [ 739.527939] RIP: 0033:0x40eba8 [ 739.531142] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 739.550239] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 739.556144] RAX: 0000000081709a19 RBX: 000000009cf730e3 RCX: 0000001b30a20000 04:51:03 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x40049409, 0x0) [ 739.563430] RDX: 0000000000000000 RSI: 0000000000001a19 RDI: ffffffff81709a19 [ 739.570713] RBP: 0000000000000000 R08: 0000000081709a19 R09: 0000000081709a1d [ 739.577996] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 [ 739.585363] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000000 [ 739.592673] ? trace_hardirqs_off_caller+0x19/0x220 04:51:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 739.627277] Task in /syz0 killed as a result of limit of /syz0 [ 739.634586] memory: usage 307200kB, limit 307200kB, failcnt 4007 04:51:04 executing program 4: bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x28a) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0xa, 0x0, @dev}}, 0x7f, 0x0, 0x0, 0x0, 0x1}, 0x98) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r3, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x0, 0x0) preadv(r4, &(0x7f0000000040), 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc01a00, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) openat$cgroup_procs(r8, &(0x7f0000000200)='ceB\xf3[\x1f\xfeU\xf9\xf9\xcf\xc6n\xd2\xe3\x87?c\xb1\xc4w\xd0\x9d\xb4j\xa5\xe7_1\x81\xa0\x84\x00\x00\x00\x00\x00\x00', 0x2, 0x0) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4\x02\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r9, &(0x7f0000000080)=0x1a001b00, 0x297ef) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0) mbind(&(0x7f00006b4000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000040)=0xf15, 0x8, 0x0) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r10 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='hugetlb.2M\b\x00\x00\x00\x00\x00\x00\x00in_bytes\x00', 0x2, 0x0) write$cgroup_int(r10, 0x0, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) [ 739.793315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 739.974667] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 739.981688] Memory cgroup stats for /syz0: cache:0KB rss:232172KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232224KB inactive_file:4KB active_file:0KB unevictable:0KB [ 740.003299] Memory cgroup out of memory: Kill process 9782 (syz-executor.0) score 1113 or sacrifice child [ 740.018812] Killed process 9782 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:04 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500cc0000005f3f000000000000000000"], 0x38) 04:51:04 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x40086602, 0x0) 04:51:04 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x0, 0x402) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000080)={r4}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x6, 0x1, 0x6, 0x8, 0x3ebf, 0x3ff, 0x401, 0x7, r4}, &(0x7f00000001c0)=0x20) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={r5, @in6={{0xa, 0x4e22, 0x9, @local, 0x6}}, 0x800, 0x7, 0x10001, 0x10000, 0x22}, 0x98) ioctl$VIDIOC_S_FBUF(r1, 0x4030560b, &(0x7f0000000100)={0x30, 0x3, &(0x7f0000000040)="5b6b1420b07ac76e62a44b0c0700de3ee3e33ad02ed2a158ddde5a6733c8b6bf18db1ab35c455f26236d038c653c898b167b057e5b76bbac62fe7b9d514042e2dfd384c1948ce0c8e2f98357e4cb597d5d71846fc3a57c197399303d9376048faf91c645d4561aa30e034c75c01aefd9178090881457103fb966ad1e489c15c4", {0x7fffffff, 0x462, 0x31324d59, 0xf, 0xffffffff, 0x1, 0x76475362e36b831, 0x1}}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) read(r0, 0x0, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r1, 0xc0385650, &(0x7f0000000140)={{0x3, @name="e7b2cac3855f203e60b09c839199fcc8794ffec23cded21777439b601328f4fb"}, 0x8, 0x8, 0x2}) 04:51:04 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$RDMA_USER_CM_CMD_ACCEPT(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000540)={0x6, 0x0, 0x3, {0xa, @sliced={0x6, [0x80, 0x2, 0x0, 0x7fff, 0x401, 0x10001, 0x41c, 0x8, 0xfffffffffffffffa, 0x80, 0x4, 0x8, 0x401, 0x1, 0x0, 0x604, 0x0, 0xef, 0x4, 0x8, 0x7, 0x0, 0x10001, 0xffffffffffffd1e4, 0x1d000000000, 0x5, 0x0, 0x9bc, 0xfff, 0x80, 0x4, 0x6, 0x0, 0x3, 0x0, 0x6, 0xffffffffffffff3b, 0x7, 0x1, 0x80000000, 0x1, 0x6, 0x40000, 0xc0a9, 0x1, 0x8, 0xd9, 0x20], 0x7}}}) setpriority(0x0, r1, 0xffff) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f00000000c0)={0x0, 0x0}) sched_getaffinity(r1, 0x8, &(0x7f0000000080)) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000640)={0x0, 0x3}) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', 0x0, 0x0, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000780)=[&(0x7f0000000100)='!\x00', &(0x7f0000000740)='!\x00']) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000001c0), &(0x7f0000000040)=0x10) 04:51:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 740.046822] SELinux: ebitmap: truncated map [ 740.051777] SELinux: failed to load policy 04:51:04 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x40087602, 0x0) 04:51:04 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500cd0000005f3f000000000000000000"], 0x38) [ 740.157651] input: syz1 as /devices/virtual/input/input32 [ 740.161919] Invalid argument reading file caps for ./file0 [ 740.173806] SELinux: ebitmap: truncated map [ 740.182379] SELinux: failed to load policy 04:51:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 740.429798] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 740.451350] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 740.490189] CPU: 0 PID: 19251 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 740.497155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.506510] Call Trace: [ 740.509118] dump_stack+0x172/0x1f0 [ 740.512753] dump_header+0x15e/0xa55 [ 740.516471] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 740.521588] ? ___ratelimit+0x60/0x595 [ 740.525488] ? do_raw_spin_unlock+0x57/0x270 [ 740.529911] oom_kill_process.cold+0x10/0x6ef [ 740.534420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:51:04 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") sendfile(r2, r1, 0x0, 0x207fe) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000000000)={0xfffffffffffffe51, 0x3ff, 0x40, 0x3, 0x2, 0x1}) 04:51:04 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x40000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x40000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) ioctl$EVIOCGUNIQ(r4, 0x80404508, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r3, 0xc0385720, &(0x7f00000000c0)={0x1, {r5, r6+30000000}, 0x7f, 0x5}) r7 = openat$autofs(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x14d114775de95e04, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x200, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r7, &(0x7f0000000a00)={0x8, 0x120, 0xfa00, {0x4, {0x0, 0x3, "a11fd9bb777ed6d2de013aa84c1780812dde64019c3679140f98742d991c188999137e2c0c273c01ce5ee4a98e9a5f9621977495adc63b5e42cfed5f869c9b9c3762653da39cff6f836d3d8c2f820218e7f36d69edfe4f612f003ba171580d5d229a27995ec89a2ae6ea35537a994f882cb14b30ea1e81f4ffce42d406d795b1667439abc3912178aa17fed740c80915b5df43ad2e40db2e0c07023314ebb582148f97bf4b7f329a3f160dfa8dc19707f955096b143bd08da435072e87ba883dfc7fec35c82353166a54e432bd274068adc33e99bed553bae5b0410241e3d969c47980bfb66acc42eae3297dadf62b3f5d48f2bbbae626416b7f89ba77f540b4", 0xb9, 0x4, 0x0, 0x2, 0x100000000, 0x1, 0x3}, r8}}, 0x128) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000001440)='/dev/full\x00', 0x1000, 0x0) ioctl$DRM_IOCTL_RES_CTX(r9, 0xc0106426, &(0x7f0000000180)={0x20000000000002fe, &(0x7f0000000100)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r3, 0xc0086423, &(0x7f0000000c00)={r10, 0x3}) ioctl$DRM_IOCTL_RM_CTX(r2, 0xc0086421, &(0x7f0000000080)={r10}) r11 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x8, 0x6100) sendmsg$inet_sctp(r11, &(0x7f0000001400)={&(0x7f0000000240)=@in={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000013c0)=[{&(0x7f0000000280)="3710cc99fabcc8a70ccc548709949099e92de3be1fd8ca38df1b264c80ad0ec747cc4b684b5a632203b7fdc7f01330b11699f020af373868d67dc2edae99fcca996f479c5f18", 0x46}, {&(0x7f0000000300)="e5f1339d69d04dff9cb8cb17d9f5734d1dbdba404d", 0x15}, {&(0x7f0000000340)="854b198b316fa9a16a7c6ba661fedee6f1bfca77e37e20d8be5cedb3ab17faa8411adf85a150d744305a9d9fd7ce5d82feaa452935cbd6978ff7122e0efacc92de4df1a74bc904e0e8e56aa284f7bcd547fced108cfa1726a02273fa95345cd42741964abbda90f99a0b89c298d52467cfdd07772217c446f4a55fc62593dd4e355d90b10cba6649b4b5c389bee75e0de80ae48a5e8b054fe047d26c151cfe711a49c5cdd25894e22e8b67fbeb346b0b781a1f5e13ef68dfa3136d331ad6a2766ed492f216028aaf1de508d215a69a70e1813340bda23538ddec01542cf43d3a08a4eeba05391394ca233d407cb991dba974b238db488a3f004a358a6bfef552fdf679e5b932e271ed7c3fdf13359cf27f7c9c6265ed0f8f804087cf096807ad442ccaca067867b428a5aa427ec92304a8c26e2b1613345e4771c76aef31a38c690857c61af94cadd2a4c714cd37f75a46843d7aff0ac33ec18abb009841fc3108c2092365febaef7a49b3f3870996b42fd785dcd4e03c8a759df8b456da55565062a5736b90fe00207f33c8cbca034eba8760a2adc666abc735ac33eac36243d0794a074e33089f41e1921523e11ea75805024ed0d3a6bd3a5f2327144b9174405164ccb886808ec2030d47b384037ca4a34e6d20b8c1a4137b8109f85d968b443612276b3d04f5f1bd97f3f73f287985e370e53987a3bab8f15405fdc2f1a2a7436e6e01825457938854c91a05e72236bb1551aff112fd983afcecedda7d693ee8c8f7c588f0c68d48309bffbb7fa19e64dc01036f4ee4761553433e4863924b4421876c74291a507a0f303b3d314044342030bb8e47696b8ce5147c90027ca5600f6feaa9ab2ebb2c311dfe7727eef0d239eda186d7784b68fd5f0b81b2d7ce0f5c262cac256ce5133dd083b45d5300968bdb3f41278df732ad41c2985de19cab2fac6cb2a64e9132d8302ba698aa40bd8ad7016659a9c2b4dc274980b646e9ee4fbe2961cd41c9c421bbfc38b2615248c886e37ccd753321ca32db90d338d935555b288702755ad70540f0566a7e9628c170b3708ce53cc429ad10f5b043c24ab0423ece6ad14520ed403a68cd69bdc7a1825e6a62f76a01bc6ea0bd7c55f7c8ae2b5439a130e2a10c1292874a5eeb71298599fbc0ceb38e9c5d903cf587458c1fe23a17031808b456d0fcd0240c06fd7dfdcff7b42a6585047b2e308f2f36be19d9639d0034e6aa6bf84a188381f841c2755cf9382c6e43fc3b8506246b1bba9d3f65093aff1df5aa7b282e865a9a3d3a733a610a6cdeac7e2c012640c65b585ca6d48beff932bf477b78b9f2a366d9262fb630f068d84c33717128d7a06c49e0efd6bb55d3f275a86330e035e61d6eca239f65ec43dec1787895518f03c4f8bb3316e17deef467ea95fddfde8dc03ad703228e32c9aa060bef03539a3bf8e12f0fa3bb10cdc7cfd94d8e2f9d0848c5998116e48ba4316947018bccdd0eba21945909def825fb78496ff2a33a20f94636cfe415deb4ab63aa046f29138f95fd9894c29ef0b28c4a82939cb8b67a6ab5725969ded1bb0a5cb95393ed73cc50756b7f80244e47b3b94f1f801553c5eb4c10c9cb759b996fe29759d3c782c16ac03987fd4dbfc6749fdefcf604a8c2d0f8bca1aeb4edb1147139e8c48cc1d19ebcc5a7e8637b5ae6edddb96a336785fb7b8818351cf55a8617d4c30c7a359703764910d8625eac95096a31e89916c873a5378276ad34a03cf0d4b3e5e2b704f57a95f7cfc4d2d1571b92fc2cf2a5909a4fd3fb743e6f7520a2a8ac2e5ac07a39f0e743b5c9dcc3fc833636959bfddaf882b83175fc64d382a3f622cd457586f79884c3e2e42554685324433a3d2d305682a778d6d6542c47c6aa24ffc6dc14554ea15e56e68a388cb1a39b5bdaa8a9b7566d4c054f842d76b6f793894dfc79c51bf8b028d4b017dcf79cf3bc61573094f1f7c9e9e21cb9486f27efddfd6b4b8e997864036ca57d3a7bf529e01e266d329346d282bd1c725410fc6f39eb8ced4ff0daf6b8b2cdf5666a4236b9e998c8cf1cb9949e9c8ee0e0eb680beaf9629d431555ecb63551db05f2101edc8ffc2ed9c5eba509118ecdef9144ef380d05328310e59d8bb1ac5296e66cfde26b3d514130edcf58da30b07ed54894236cb900e8f7f6a8866438a134671e216520fe27545f209d74a631b50f2ff4a85e6d3c6a24d9728eeccad057482b072702022b93f5c2bc2329cf280316e1cbba95c941f12812b5be5a53c44993315ba703de539d4f2d51c4ed88af353f97a0a6eef515a08be7661008161d4bfc4f0386c22756453f5f9d0e95b378e18023f927bf9a6f1152294b00a8e108183192df1a93171e6491c4685c7ae22151e0e47f6553f3adbb6acb2709717370a9bdd7a49927f066f7a3c24944d58a6ed7521fbed5232cb6e83e3b9b3ab9ece3419a2f0ae9213dbf4dea54df216151cec0be9c4be3e55e5166ef124de8f3c8d7026dce8e3bf4e0d0d52a3fb194517962c1c3d0cf3189a33ddc0e06d7d533d435179d5b8fb2c78af2b47c710f2bc47cbfbeb8082b2b9c9bb8029d9d70f9ffd252c7bf7961dc417535af0f5c5ce83b216b0d481ddeed0aba06200d8aba8ce7fba17f1fa9ddf8ac3a5adb41fc0d2afcc9c9e5ec3cdd8901c4598d8d3671078dca4babb875ce3542ecd00e234318dc0d6de99feff372d1cc37ad4eddc3227ff3ba08e134a5673465edcac694faa121d7fd0d4fdedbb6dee06f2c73b33323be42051aad02847fdb3ffb9d6512d7172c58f5a0e65fb46a2ee724692c139c72711885a14acfee137a367a5d4bda3604841dd5a62cb0c11fe8e68c894de762b8e28d07ce093bb3c52c020bcb83f936e5cfa6103b2c136a3dc72680ce1fc505366a461e6fc82c0506881b226b0cf8c79b7571c1b51502056779ac2a2836c9d25dc5611557c4b1c92607bb98ca91c88843790a8da04258046999e946a8b8c0f4f9e899e77302f3b51bc159470c4850fb59126618ac1f55673d0065663b42d337a5948f346afd4d0a5d43aa00ebaeecadd3e5adbf7f5bdbac1e2ca27e56f4e895d205a6dec431caf61a75d4f7cba31099e64b4f1bbe1fc3ff5ffcfea6dff3d84ab8fc759c46a1803a83b9bd340c7ba105f71047f23a5a45a22a6ed0559c284c79e8204275419d35623b2c553d69a88bb0aa07259166226dc915d315a68caf742536ad6625eed7be8fdcb2ff04f11a114fbe32c5af59afedbb181920afc7364f213f574316b9f804b80365b78c7772e10f490bf4b4f6c1e8eadb2ab4d10ba9479402556255024f450dee89b76b78128aa8f3be1730d61560fdac0c650cffbaa315713742e2900e10e73f5d7ab91cd2f772894a61fca936d2c3e7a56496231a4f27d08de79b2f4a7be41a058b571ab8b3e26369104ef323067836f9df6202894b5da6d3b800863fd53c8960a2d82d6651457d0d2612eb0d4fa9e3252fda17d82dca25ce47f09bdec8a0f80c36588221efe575b5c53e8132dd5dc4857d17c19ab1120d84db929ef3cf13d86d5aa164bf6c6555f68d2c153091a7340764038c466cae309dc22e729bc7d5fd7ac1df6c21a916470eab7474ccb2756ebd212c78a54e350e0137e05c5c346d965814bd14da0d674e974ce4fc19ad6ee6eb8921b98b0e5481619196fec6affc6511a4111de5df4c181f2b0882b31164f5d51640b85f74428b81c6e63911c92529ae183190f9f089e517477d0fa4784daf65de49d9e2d72edccf69d1c4d53cd84b03c7d0a31be2eb9d424e9cb13250e35ec730b38de48a10a8c47f6712a5ec2c7ff192a9f4cb118fd6b1615842df433ed573a74a90ee5b4a2d16f59914dfc36a6a3d6c3c2368d387dd8ce6f30ff04506a15d72729b5558947904ea303cce3d3ba06e8569c5ae4785f8ba445bee79a0ee407bebb1964d553e6afcd5525de027ac1d08ff2fa69ddf52f97fb9804d359b27d2fc21a0d2446b6212bcabf115f406352e2cf12da719ab454655f3723aa2ff5fdb67aeb1e66053f687900d8e81327be99b3c29f2ca443bb95ca7f2f7b86c8fc5cf7ab831c1910b16fa7f4419e04143ee16f5d9085bcaaf33755030209526cce23e495ee067df1a2fe0282d0176135c7cb367f256bbbbf12139d0846092adbf170200d4d37aebafe440009851ecf63f3f6c1532a8c5188d7dcfbff4557d72a29939e4fd916497e083c61994f26653c6829c502dc31d8860e4958f129ed0e6a2aa0fcfd38f567390a415c528163d8bd5600c2cb48d2a4e38bcfe8952de534247733580d188f2110bee59b0baca9ac3b52a4ee2531917e792d24c900ec05fad890bd14ce21608d4670521416f545e16d693340854a4c1c22ae017d8fb2d24f351cabaac43b3c7592cb8ca21e891660ab5d7cc3608127152c6a8ed14bc22bf13dab0f10040b53936f26b561ed5659380428d40905a24526ba75225a5f4b8e593b6b1ab372152adaaffbd34ad318d7cc994633a530672ba754768c72d0c2a1a238243673c88abe1c9107383ca66832642a92529a712f2b95a38c8036b091a04fe5b35148256eb08395a18ff96a52d674698cb4751168d8a5421c69a0e96a496dfa175e87b9906a6f5b63db4ff60d7730cbfeeadd79f77ab395e2de76362d9488d6e33273ce04271b45fe0807ef164833f6fc664c729c55304a0e2a0ba09fca9dd028b9df62ce3077231bfe9412a22a02318f4483d88067fdc5c459107357f44a41d78f0a67beff91a57a3e4010838fc612ef239401508610fdf24730f7cd60b07f8f653b7e79e5fc69030a4c2661a02e6bff7b8f02fe7521889ecea109f239b2ea7148961312c69becdba0fd0970aadecc8e5dd9c65c96b59ef4513271f6b2f7b2870cae905edd30d6bcef9d4bb8e5c960c1e80902f53f01c826c1a76c21ff0b60879a0e1d9d383c47132484884e95c48ec712aee8bb2b5b76dd0692fb63b543429d715a6327d6da58301eec7100db7f35b54dddad254c29816f00e395ff3853324c1ee82ab19625a1d9e2e7fb54ed088ccdb495ae5a55afe322fa075d46ed726d8a8ab62598e5d338767fb35ad6f4f70609fdbcab9496c6856c64efce0fa0942ce28c31cccdf790f80710ab91e720a1a0529a5a433a53e32d6562d37e05b7a43d564720ac808196dfe38d42dd91799c03147d8a6d1ff85f299dcc1b282c6c88cf290439b0638bbba1eaa2e5a64fe3972c1db1dde06f3ef939ee5920bfdbbfdffb68392204f2d239812ba67fbb98675e553f5a6d2fb763f99b658e2b6f77ba13646fd1ec045688ae388d98bf0db559f3243480afa062b3f2b1796d83c016a7c13f997a94c40385cb574a17d9abc3205e997632b1c19ecf2b40d4b2efaf12a303a36c2906686b31ed20b99bb75bc85352e584d69007564749b23210a3799ba4c2bbde15ea046eddfb51731c545a33bb56ff220fac1efe4e27ef9217592d9434ff0e6481a75d15f3e23a50bc6afd45307c8307cff63937818d73c67d56c936700794e2d6585e7a55a9e1257d51f9c639be909392b9ccf1b0cb94f9ff3dd2a83f59c4cce3d058ad971b6b2821eebd522e9e0803acdcca186141800afb263d9a9a357eab18298cd000e473783e79a43f91d2cf1efc4a729b13d03bd85c9e4d1c48d6edba6ad8e705b3cd0ca5a1a49d1fa61602dfeed4ea7988114cf73ea2b1376844746cdaa3b276fe90ce527676f46ae5645f8d7340f16ac924cfb87c89c05ecae2e59614d3009ecfa5e82071fea894ec13d59b653c0b976d0a13e250f7e94ac3b3ea8f92f42d4f829e5", 0x1000}, {&(0x7f0000001340)="8f21f602399de8cfe952fba44c8580617c80f86fde4707c62c3e5d89667fe8e9859f9136aa45c323edc993f85513b34425a259872b8a1fffab7df6d336766be78abb63efcd5598884a2b41a38ccdb2cda98d738a7392b49c842a2c4f93214ad4a04d7af3553b2799f74f", 0x6a}], 0x4, 0x0, 0x0, 0x48000}, 0x18000) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) [ 740.539967] ? task_will_free_mem+0x139/0x6e0 [ 740.544474] out_of_memory+0x936/0x12d0 [ 740.548456] ? lock_downgrade+0x810/0x810 [ 740.552611] ? oom_killer_disable+0x280/0x280 [ 740.557115] ? find_held_lock+0x35/0x130 [ 740.561193] mem_cgroup_out_of_memory+0x1d2/0x240 [ 740.566130] ? memcg_event_wake+0x230/0x230 [ 740.570469] ? do_raw_spin_unlock+0x57/0x270 [ 740.574889] ? _raw_spin_unlock+0x2d/0x50 [ 740.579047] try_charge+0xef7/0x1480 [ 740.582770] ? find_held_lock+0x35/0x130 [ 740.586851] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 740.591704] ? kasan_check_read+0x11/0x20 [ 740.595852] ? get_mem_cgroup_from_mm+0x156/0x320 [ 740.600724] mem_cgroup_try_charge+0x259/0x6b0 [ 740.600746] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 740.600765] __handle_mm_fault+0x1e50/0x3f80 [ 740.600784] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 740.600812] ? count_memcg_event_mm+0x2b1/0x4d0 [ 740.610295] handle_mm_fault+0x1b5/0x690 [ 740.610317] __do_page_fault+0x62a/0xe90 [ 740.610332] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 740.610351] ? vmalloc_fault+0x740/0x740 [ 740.610367] ? trace_hardirqs_off_caller+0x65/0x220 [ 740.610382] ? trace_hardirqs_on_caller+0x6a/0x220 [ 740.652328] ? page_fault+0x8/0x30 [ 740.655892] do_page_fault+0x71/0x57d [ 740.659702] ? page_fault+0x8/0x30 [ 740.663257] page_fault+0x1e/0x30 [ 740.666715] RIP: 0033:0x40cd1b [ 740.669915] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 75 67 ff ff <83> 05 e2 32 55 00 01 80 7c 24 59 00 74 0b f6 44 24 18 01 0f 84 01 04:51:04 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x4020940d, 0x0) 04:51:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 740.688924] RSP: 002b:00007ffc40f2ec80 EFLAGS: 00010207 [ 740.694293] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000459a09 [ 740.701574] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000075bf28 [ 740.708855] RBP: 000000000075bf2c R08: 00007f5e2cb1b700 R09: ffffffffffffffff [ 740.716234] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 740.723543] R13: 0000000000000003 R14: 0000000000000000 R15: 000000000075bf2c 04:51:05 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 740.807027] Task in /syz0 killed as a result of limit of /syz0 [ 740.813885] memory: usage 307156kB, limit 307200kB, failcnt 4037 [ 740.824746] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 740.832818] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:05 executing program 5: r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r2 = dup3(r0, r1, 0x0) bind$rose(r2, &(0x7f0000000000)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x40) r3 = open(&(0x7f0000000040)='./file0\x00', 0x400040, 0x8) ioctl$PPPIOCGIDLE(r3, 0x8010743f, &(0x7f0000000080)) [ 740.839473] Memory cgroup stats for /syz0: cache:0KB rss:232256KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232220KB inactive_file:4KB active_file:4KB unevictable:0KB [ 740.945718] input: syz1 as /devices/virtual/input/input33 [ 740.958954] Memory cgroup out of memory: Kill process 9823 (syz-executor.0) score 1113 or sacrifice child [ 740.999887] Killed process 9823 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:05 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x80086601, 0x0) 04:51:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000000)={0x1a, 0x1}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) close(r0) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mISDNtimer\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, r5, &(0x7f000000f000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffa5) 04:51:05 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='umask=00000000000000000000000,disable_sparse=no,case_sensitive=no,dmask=00000000000000000000000,case_sensitive=yes,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030da02520392934b2f3030303030696c6500007965732c646d61736b3d303030303030303030303030303030303000"/90]) 04:51:05 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 741.101574] SELinux: ebitmap: truncated map [ 741.150949] SELinux: failed to load policy 04:51:05 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ce0000005f3f000000000000000000"], 0x38) 04:51:05 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r0, 0x0, 0x0) add_key(&(0x7f0000000040)='.dead\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000200)="77a250d6d916a79780ce434d23d62b3323dbb3a579c404d62ce539bbbd51638990e9be4cd11582f25bf2c0a813d27245f497c8ab4a26f4a9d81eb17c7d183641e990ca22de646c716c8c9bb4b7cfbda201a69981ac3d79f8c0c3677a59d7f8a6e490429f2979989b2b2167c4320fda9598cd8c321763fadefe061668665b162e4ddf3dd9177bb3c9335f9af63d6a561803dc0bb442e80d07b205176aa11bfc7517c545c993898a984cb84129910ffe43b1dbce2544b10a9ea8b61f27ad4eb1092b3b679a5287f977bb0f8018515c9eafe7e1319b8f74e8029834b342fe6cd8e90a5f9f80707c24dd212a654f38bb935e", 0xf0, r0) syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x5, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400000, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@local}}, &(0x7f0000000400)=0xe8) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6769643da346259a2020e636b7cb698ec34c37f20ec47925c08d4dbea1d2ee45ab7e198326bdc631bcce9fb361ab222e11323b2ca53049f5811d6b15505957125f", @ANYRESHEX=r5, @ANYBLOB="2c747970653da0"]) lchown(&(0x7f00000000c0)='./file0\x00', r4, r5) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f0000000180)={0x0, "246f46a8f3891ef8d3ac2649f847fad06d8095f49e5399bfccd875823d530073", 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5}) 04:51:05 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x80087601, 0x0) [ 741.188733] ntfs: (device loop5): parse_options(): Invalid mft_zone_multiplier option argument: 0x000000ÚR’“K/00000ile 04:51:05 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:05 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0xc0045878, 0x0) 04:51:05 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500cf0000005f3f000000000000000000"], 0x38) [ 741.415590] ntfs: (device loop5): parse_options(): Invalid mft_zone_multiplier option argument: 0x000000ÚR’“K/00000ile [ 741.440067] hfsplus: unable to parse mount options 04:51:05 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) shmctl$SHM_UNLOCK(0x0, 0xc) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth1\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000180), 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setreuid(0x0, r2) socketpair$unix(0x1, 0xa24aa2790c851452, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) mknodat(r5, &(0x7f0000000100)='./file0\x00', 0x100, 0x40) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000240)=0x1, 0x4) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="1b", 0x1, 0x4008010, 0x0, 0x0) sendto$unix(r0, &(0x7f0000000040)="8c", 0x1, 0xf4c039dc4da7666d, 0x0, 0x0) 04:51:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r6, @ANYBLOB="2c747970653da0"]) chown(&(0x7f0000000280)='./file0\x00', r5, r6) mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x2, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@common=@access_user='access=user'}, {@rq={'rq', 0x3d, 0x80}}, {@common=@noextend='noextend'}, {@sq={'sq', 0x3d, 0x6}}, {@timeout={'timeout', 0x3d, 0xffff}}, {@rq={'rq', 0x3d, 0x22a}}], [{@obj_role={'obj_role', 0x3d, ')'}}, {@euid_gt={'euid>', r1}}, {@euid_eq={'euid', 0x3d, r3}}, {@seclabel='seclabel'}, {@smackfsdef={'smackfsdef', 0x3d, 'fuse\x00'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}}) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) r8 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x3, 0x4000) ioctl$VIDIOC_SUBDEV_G_EDID(r8, 0xc0285628, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x14, [], &(0x7f0000000180)=0x1}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00\x00', @ANYRESDEC=0x0]) read$FUSE(r7, 0x0, 0xfffffe82) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.metacopy\x00') 04:51:05 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000180)=@updpolicy={0xc0, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1}, {0x0, 0x0, 0x0, 0x0, 0x1}}, [@ipv4_hthresh={0x8}]}, 0xc0}}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "d1ad57cb9916ea45", "859bc5d949cfa0b1b056dc423ac440409073d78453cdf8e1053d8e63786a7aaa", "744a1380", "d7d57c65055bba8a"}, 0x38) 04:51:06 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0xc0045878, 0x0) [ 741.685916] SELinux: ebitmap: truncated map 04:51:06 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d00000005f3f000000000000000000"], 0x38) 04:51:06 executing program 5: syz_open_dev$dri(0x0, 0x1, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]) socket$bt_bnep(0x1f, 0x3, 0x4) r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x0, 0x0, 0x26}) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x4, {0x9c10, 0x6c, 0xff, 0xb84, 0x8, 0x100000001}, 0x7, 0x7fff}, 0xe) [ 741.738672] SELinux: failed to load policy [ 741.747571] net_ratelimit: 14 callbacks suppressed [ 741.747598] protocol 88fb is buggy, dev hsr_slave_0 [ 741.758188] protocol 88fb is buggy, dev hsr_slave_1 [ 741.764157] protocol 88fb is buggy, dev hsr_slave_0 [ 741.769769] protocol 88fb is buggy, dev hsr_slave_1 04:51:06 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x1421, 0x0) r0 = open(&(0x7f0000000600)='./file0\x00', 0x2, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000100)='cgroup.type\x00', 0x2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = dup2(r2, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r4, 0x84, 0x19, &(0x7f00000000c0)={r7, 0xc00000000000}, 0x8) ioctl$int_in(r0, 0x5452, &(0x7f0000000400)=0x2) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r8, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") dup2(r1, r0) 04:51:06 executing program 1: r0 = socket(0x18, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000880)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) munlockall() r4 = accept4$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c, 0x80000) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, &(0x7f00000000c0)={{0x0, 0x80000000}, 'port1\x00', 0xfe, 0x1000, 0x3ff, 0x7, 0x2b, 0x80000000, 0x6, 0x0, 0x3ec59934c8ca1ae3, 0x6a2}) ioctl$sock_SIOCDELDLCI(r4, 0x8981, &(0x7f0000000080)={'team_slave_0\x00', 0x7}) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r7, 0x0) r8 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x802b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x0) r9 = perf_event_open(&(0x7f0000000300)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r9, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r8, 0x2405, r9) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r11, &(0x7f00000001c0), 0x10000026f) read(r10, &(0x7f0000000200)=""/250, 0x50c7e3e3) r12 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r13 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r13, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r14, &(0x7f0000000040)=ANY=[@ANYRES64], 0x0) 04:51:06 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:06 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0xc0189436, 0x0) [ 741.987978] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 04:51:06 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:06 executing program 4: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x4400, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = socket(0x30002000000010, 0x2, 0x0) write(r1, &(0x7f00000004c0)="fc00000049000703ab092500090017000aab07ff03000000000a769321000100ff01000a0005d0000000800009039815fa2c1ec28656aaa79bb94b59fe100000bc000200000d6c6c256f1a272f2e11a4a6f9607668bf043eaa2a911e98cc3f8a2fcb5d7bd5afaa8934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d90dada46e5633a8f02c83170e5bba4a463ae4f5566f44660da80b76b6825bbd5b95dbcc037816460e63941591cf190201ded815b2ccd243f295ed94e0ad91743f2e87abd43cd16b17e583df150c3b880f411f46a6b567b4d50000000000000000000000b6a1", 0xfc) [ 742.042952] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 742.052603] CPU: 0 PID: 19367 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 742.059597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.068995] Call Trace: [ 742.071603] dump_stack+0x172/0x1f0 [ 742.075253] dump_header+0x15e/0xa55 [ 742.078982] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 742.084106] ? ___ratelimit+0x60/0x595 [ 742.088003] ? do_raw_spin_unlock+0x57/0x270 [ 742.092424] oom_kill_process.cold+0x10/0x6ef [ 742.096943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 742.102497] ? task_will_free_mem+0x139/0x6e0 [ 742.107010] ? find_held_lock+0x35/0x130 [ 742.111099] out_of_memory+0x936/0x12d0 [ 742.115085] ? lock_downgrade+0x810/0x810 [ 742.119250] ? oom_killer_disable+0x280/0x280 [ 742.123760] ? find_held_lock+0x35/0x130 [ 742.127854] mem_cgroup_out_of_memory+0x1d2/0x240 [ 742.132708] ? memcg_event_wake+0x230/0x230 [ 742.137030] ? do_raw_spin_unlock+0x57/0x270 [ 742.141435] ? _raw_spin_unlock+0x2d/0x50 [ 742.145577] try_charge+0xef7/0x1480 [ 742.149292] ? find_held_lock+0x35/0x130 [ 742.153351] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 742.158185] ? get_mem_cgroup_from_mm+0x139/0x320 [ 742.163020] ? find_held_lock+0x35/0x130 [ 742.167076] ? get_mem_cgroup_from_mm+0x139/0x320 [ 742.171922] memcg_kmem_charge_memcg+0x7c/0x130 [ 742.176582] ? memcg_kmem_put_cache+0xb0/0xb0 [ 742.181073] ? get_mem_cgroup_from_mm+0x156/0x320 [ 742.185910] memcg_kmem_charge+0x136/0x370 [ 742.190929] __alloc_pages_nodemask+0x3c3/0x750 [ 742.195588] ? __alloc_pages_slowpath+0x2870/0x2870 [ 742.200597] ? lockdep_hardirqs_on+0x415/0x5d0 [ 742.205190] ? trace_hardirqs_on+0x67/0x220 [ 742.209498] ? kasan_check_read+0x11/0x20 [ 742.213639] copy_process.part.0+0x3e0/0x7a30 [ 742.218135] ? mark_held_locks+0x100/0x100 [ 742.222363] ? __might_fault+0x12b/0x1e0 [ 742.226417] ? __cleanup_sighand+0x70/0x70 [ 742.230642] ? lock_downgrade+0x810/0x810 [ 742.234791] _do_fork+0x257/0xfd0 [ 742.238245] ? fork_idle+0x1d0/0x1d0 [ 742.241956] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 742.246699] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 742.251442] ? do_syscall_64+0x26/0x620 [ 742.255408] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.260778] ? do_syscall_64+0x26/0x620 [ 742.264757] __x64_sys_clone+0xbf/0x150 [ 742.268720] do_syscall_64+0xfd/0x620 [ 742.272514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.277691] RIP: 0033:0x459a09 [ 742.280879] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 742.300463] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 742.308169] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 742.315428] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 742.322695] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 742.329951] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 742.337213] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff 04:51:06 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000001600)='bbr\x00', 0x4) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000080)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x200, 0x0) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000100)="9fe686ce834d8b3263f8f335602dc37c7afaf7f3a4447432d57f63b54197828cfa54a935ab71ad3cf8ade1d170ebe888d15ffe9790b5523483f61eea6fe3ab53126075003092abc7669cd0e3765cac2c5209e85070ab96c84d57ff63b6820675b88448fade52240ab674bbb6c2e2f8fa14db119078ef217eff1081109f053ca15131373bc4c772648064a78543f584464cc43842ec1a0365162312935019fc24e9afa459716aa8120e6463703e8fc8e84f11a99f5796e164f67843d82d97a2f3b8dfa850337b5ceda7fd8682679f26ebfd89c8c2465e644cdf0fd875") r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0x8, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='bbr\x00', r1}, 0x10) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhost-vsock\x00', 0x2, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000200)) 04:51:06 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0xc020660b, 0x0) 04:51:06 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close(r0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x200280) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$VHOST_SET_VRING_NUM(r4, 0x4008af10, &(0x7f0000000080)={0x2, 0x5}) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x30a0010}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r7, 0x4, 0x70bd25, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x4}}, ["", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8840}, 0x10) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) r13 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r13, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r13, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r14 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r14, 0x84, 0x1d, &(0x7f0000000300)=ANY=[@ANYBLOB="e2ffffff92110fd1a36f1f5a8373bce2dfe2a29a3d47539fbc436d10be9b598d14d18e0bd6acd72d3a2d50dde20df0fe6cd0819d01c82e5252aaaa66539f3a", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r13, 0x84, 0x11, &(0x7f0000000080)={r15}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r12, 0x84, 0xa, &(0x7f0000000280)={0x8000, 0x7, 0x4, 0x80000000, 0x6, 0x4, 0x80000000, 0x4, r15}, &(0x7f00000002c0)=0x20) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) syz_open_pts(r10, 0x400000) r16 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r17 = dup2(r16, r16) syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x7, 0x400000) ioctl$TIOCGSOFTCAR(r17, 0x5419, 0x0) ioctl$TIOCSLCKTRMIOS(r17, 0x5457, &(0x7f0000000200)) syz_kvm_setup_cpu$x86(r0, r8, &(0x7f000001a000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0) [ 742.460489] Task in /syz0 killed as a result of limit of /syz0 [ 742.482404] memory: usage 307200kB, limit 307200kB, failcnt 4076 [ 742.494761] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 742.512831] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 742.520111] Memory cgroup stats for /syz0: cache:0KB rss:232244KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232268KB inactive_file:0KB active_file:0KB unevictable:0KB [ 742.547195] protocol 88fb is buggy, dev hsr_slave_0 [ 742.552302] protocol 88fb is buggy, dev hsr_slave_1 [ 742.557191] protocol 88fb is buggy, dev hsr_slave_0 04:51:06 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x80000, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2239cf391711c5a3}, 0x0, 0xffffffffffffffff, r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet6(0xa, 0x8000008000080003, 0x5) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket(0x10, 0x802, 0x0) write(r6, &(0x7f0000000000)="240000001e0025eaa87865f51e86041b0004000200bff20182a90001080008000b000000", 0xfa) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000013003586000000040000000007000000", @ANYRES32=r4, @ANYBLOB="00000005000000000c000c000400020000000400a06e3dce2de4f41561f8"], 0x2c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000004, 0xca}) ptrace$setregs(0xd, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x3, 0x0) [ 742.562547] protocol 88fb is buggy, dev hsr_slave_1 [ 742.569951] Memory cgroup out of memory: Kill process 9911 (syz-executor.0) score 1113 or sacrifice child [ 742.617674] Killed process 9911 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 742.678401] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 742.694589] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.701060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 742.709620] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 742.715357] CPU: 1 PID: 19356 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 742.722290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.731649] Call Trace: [ 742.734254] dump_stack+0x172/0x1f0 [ 742.737902] dump_header+0x15e/0xa55 [ 742.741630] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 742.746747] ? ___ratelimit+0x60/0x595 [ 742.750637] ? do_raw_spin_unlock+0x57/0x270 [ 742.755149] oom_kill_process.cold+0x10/0x6ef [ 742.760610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 742.766154] ? task_will_free_mem+0x139/0x6e0 [ 742.770666] out_of_memory+0x936/0x12d0 [ 742.774655] ? oom_killer_disable+0x280/0x280 [ 742.779155] ? find_held_lock+0x35/0x130 [ 742.783236] mem_cgroup_out_of_memory+0x1d2/0x240 [ 742.788090] ? memcg_event_wake+0x230/0x230 [ 742.792417] ? do_raw_spin_unlock+0x57/0x270 [ 742.796825] ? _raw_spin_unlock+0x2d/0x50 [ 742.796844] try_charge+0xc4e/0x1480 [ 742.796861] ? find_held_lock+0x35/0x130 [ 742.809731] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 742.809746] ? get_mem_cgroup_from_mm+0x139/0x320 [ 742.809763] ? find_held_lock+0x35/0x130 [ 742.809780] ? get_mem_cgroup_from_mm+0x139/0x320 [ 742.809802] memcg_kmem_charge_memcg+0x7c/0x130 [ 742.809815] ? memcg_kmem_put_cache+0xb0/0xb0 [ 742.809833] ? get_mem_cgroup_from_mm+0x156/0x320 [ 742.809850] memcg_kmem_charge+0x136/0x370 [ 742.809870] __alloc_pages_nodemask+0x3c3/0x750 [ 742.826327] block nbd1: shutting down sockets [ 742.828504] ? __alloc_pages_slowpath+0x2870/0x2870 [ 742.828523] ? lockdep_hardirqs_on+0x415/0x5d0 [ 742.828539] ? trace_hardirqs_on+0x67/0x220 [ 742.828552] ? kasan_check_read+0x11/0x20 [ 742.828572] copy_process.part.0+0x3e0/0x7a30 [ 742.878483] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 742.883590] ? delayacct_end+0x5c/0x100 [ 742.887566] ? __delayacct_freepages_end+0xe0/0x140 [ 742.892596] ? __lock_acquire+0x6ee/0x49c0 [ 742.896840] ? __cleanup_sighand+0x70/0x70 [ 742.901070] ? mark_held_locks+0x100/0x100 [ 742.905312] _do_fork+0x257/0xfd0 [ 742.908764] ? fork_idle+0x1d0/0x1d0 [ 742.912652] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 742.918526] ? kasan_check_read+0x11/0x20 [ 742.922663] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 742.927406] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 742.932150] ? do_syscall_64+0x26/0x620 [ 742.936197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.941546] ? do_syscall_64+0x26/0x620 [ 742.945513] __x64_sys_clone+0xbf/0x150 [ 742.949478] do_syscall_64+0xfd/0x620 [ 742.953272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.958448] RIP: 0033:0x45c3d9 [ 742.961631] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 742.980871] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 742.988569] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 742.995826] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 743.003084] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 743.010339] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 743.017608] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 743.031788] Task in /syz0 killed as a result of limit of /syz0 [ 743.038683] memory: usage 304864kB, limit 307200kB, failcnt 4076 [ 743.045155] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 743.057981] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 743.068591] Memory cgroup stats for /syz0: cache:0KB rss:230144KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 743.090711] Memory cgroup out of memory: Kill process 10491 (syz-executor.0) score 1113 or sacrifice child [ 743.102551] Killed process 10491 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 743.123416] SELinux: ebitmap: truncated map [ 743.128227] SELinux: failed to load policy 04:51:07 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d10000005f3f000000000000000000"], 0x38) 04:51:07 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:07 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000280)={0x7ff, 0x10001, 0xf3, 0xf5c0, 0x2e7, 0x6}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r3, r3) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x3, 0x8, 0x128}) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) prctl$PR_GET_SECCOMP(0x15) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc, 0x110, r5, 0x0) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr={0x5, 0x0, 0x0, 0x2, 0x2}]}}, &(0x7f0000000200)=""/37, 0x26, 0x25}, 0x20) r7 = socket$isdn_base(0x22, 0x3, 0x0) r8 = dup2(r6, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r8, 0x111, 0x2, 0x0, 0x4) 04:51:07 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)="2e00000027000500d25a80648c63940d0124fc000c00044001ff0000053582c137153e370306320fa7182d8ae8bd", 0x2e}], 0x1}, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x400000, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) r13 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r14 = dup2(r13, r13) ioctl$TIOCGSOFTCAR(r14, 0x5419, 0x0) r15 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r16 = dup2(r15, r15) ioctl$TIOCGSOFTCAR(r16, 0x5419, 0x0) ioctl$TIOCGSOFTCAR(r16, 0x5419, 0x0) r17 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r18 = dup2(r17, r17) ioctl$TIOCGSOFTCAR(r18, 0x5419, 0x0) ioctl$KVM_CREATE_IRQCHIP(r18, 0xae60) r19 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r19, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r19, 0x0) fcntl$getown(r19, 0x9) r20 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r21 = dup2(r20, r20) ioctl$TIOCGSOFTCAR(r21, 0x5419, 0x0) ioctl$sock_FIOGETOWN(r21, 0x8903, &(0x7f0000000100)) r22 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r22, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r22, 0x0) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x7, 0x800) r23 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r23, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r23, 0x0) sendto$llc(0xffffffffffffffff, &(0x7f0000000280)="37309027cd4f12537f919a3186e5ace7edc18c98368bff28e0de6476697bfd8d517689d0328d7355622db8dd87a6f1c5989e5c99003f9cb7f265199e04b7e8e42543e639ac2fa7e22274006f90ccede7125b4523feaae0c40a2f8ea63b28d094af496ad0661ac38dc0ad8aa9cc17057318ff5f219d176f8bf9988640a46ca59fd0eff3c62ef138237b31556f41e8d8b6640db961d5a937d4a531061af06d7e962a01acce7aa13f23111df99817bf251e28a93812e35c51776e8932ca39aaf2d2db5f5908552429d75b4dd3425ca7817d24dc98359abf719a94774dd0aca366f1e7fd360bcb28dbd183f18dfc6a8cc6626ff0b88869f574989038", 0xfa, 0x40000, &(0x7f00000000c0)={0x1a, 0x6, 0x98, 0x3ff, 0x9, 0x2, @broadcast}, 0x10) ioctl$RNDADDENTROPY(r4, 0x40085203, &(0x7f0000000380)=ANY=[@ANYBLOB="09000000e00000009a7ad01ad583d695ece0ab31dd45e57c5849e546b03de538914998cd66455e46723a4ea1420a748d6ed46343cc6a3d411b6832502a6584714ff371e9bc63e147aa0d1b4a2eb63f8c12c9649c6c8e1b7d0898e0dab7df7f3dcde8aa93b206e485382158759aaba0ba771974b5e89a4e58dbbe61223bbf14f14b4fdc66c40654a5770004000000000000edcce958b9f21a7ce9438ce9d1809a8aa7f971cf0ebe988d2564e075e2e89eb94ac2a4b9371f01f7bba6211ab9456f54318e9065c26aebabdb456ed5d33c4fdaacb881898ba730c4fc3f75114fd1785711a5588c508c3b786a238a3548a09a5bab4aab282e8d00d9fe2825225d0a8c3f54aed857ee4180ad0292805ceeaebf97e63899cf434f11aaffaac384dbc114c25efabb332427a33430d7188128be8e9f89a445007d9417afadb0a061d96e9904166b924bf0576e9bc3a1bbaf1fde3bf7bfee90177579a17b83278ca6059f0d0f7c3222fbee196681532759447b4e3ba101865dfc33c098e140337fe3cde5db08963f00"]) epoll_create1(0x180000) 04:51:07 executing program 1: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x4, 0x100132, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000000)={{0x100000080}, 'port1\x00', 0xd3}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f00000001c0)={{0x0, 0x1}, {0x80}, 0x5}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0) getsockopt$inet6_int(r0, 0x3a, 0x1, 0x0, &(0x7f0000000080)=0xffffffffffffffc1) [ 743.193325] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 743.201725] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 743.252502] SELinux: ebitmap: truncated map [ 743.270313] SELinux: failed to load policy 04:51:07 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d20000005f3f000000000000000000"], 0x38) 04:51:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x800, 0x0) syz_init_net_socket$rose(0xb, 0xa, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20ncci\x00', 0x46cc0490b34b8389, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e20, @local}}, 0x0, 0x7}, &(0x7f0000000340)=0x90) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getgid() pivot_root(0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000001180)=ANY=[@ANYBLOB="09381218b434c8ff952f4e8c7b4f7fb4a1e420bae533bd4e32d59a00343ab2f398f6ba3388da8f61aa9b68eeec3341869f0452ad71070695ae07a97616fd38e87cd15b5bdb83c016015240419d1af75cf7d4a9ee673b74e9a91adfbaaf6535c829d4a4da461064fe651ec6fcb4f3bb71f89ee13f1e5c450d036ce1fe036eaa5cf45dff8c3db54de0ae2c29e7987a982d58541d8859ee591eaa70f4e196a2744ccbd55def020d9c255e40cc33d236dfe96df0096168e6c3803e2b4178ddb97a931ee813ca94a5b91e1197c983107e5d4585569c38f7730726c218d03bb6a61deb2c7f4c6d68d8c954c1a129062e911275ac0b10d42c88eeb1f09c5ff1c1a878d18d2c266caf2b98d29226922ef37134d4c7278745e9aebf8765c32a87ddd2969970b542e35612708e6c502c9478991d6b943934ed3c89f1b6d6652d9b028ccbd1813bd4c7aa7728483c29b438a91735fa677aec9bcfd92342fd176bbef5efe22368bc1552230b805e2f19d610d70bd0e2ef985d88f963acf6e1bd6e8cf901fd713b518310f5760690bb5874564a34136ac8e07d2dcae7d27ddca24b14778f189b352125477fa969d7534001d7e825a0ebac4345e0eca8e973dbecad7c4485ab3875a7194268b09d9c2fad06ecca9921764aadbaf3fcd49064aeaa8f41d83373a82023163bf61012dd238c668271756e56d79f503e9ad7758ac97b56542bb278c71a475de80becbce66d29bd17a67585b37b6b122c3272e37c4fb12b312ae86810156ef5cb1a521d05980f3917b5e8aa7ed105239a0b228dbbbd29e46eca8d37a088d79bb407b391537ef7a0a7d1e1f70d654d52ee3330329b72c08ef9cb25593e337a93a1d098d9b9714ca4e70e75a384088977fa86e159b233c9190b4b89fe69d9a9cbe66388c456914aac5bbf3a879c768dfff417fc0cb49865cf8b54831d903b233b58b18afed4d01ce4e92e6eec1070de0f8c83f39213f132fab03d1eeecabf511e8bf050a64f91a2e8626ffff6a3d756e6389eaebda10911ab0a5a74f516d34a39f8a849b53e91d89228bb7061ccfc3eab70294f2fbd4d186efd25e5c13a2b348f534c36fdd3cb95af288a0b9ce6b824a9c6cecf6cfa12aea19bd02109a39b8f35a7d2eb90f41318353bb0882ded66b1a7ed3e2178e01d684befbed3d3d6fe1d728c72d5764e5de72f1300dc02e3ac99acc73df56481f0dee8625049b384398cb90219cc02c4c205ef826b00f92166babf7c5090203e7c9cd481b9a40f13394b6dcd0cf670c5025f5e91a568f592a20e97086f543e9abbbfe6aee78b0b09d84b54a96c3f4449de4c9e78a2897e840b28bf0b32d5cdfbec3bdbdad8119255cc853033970352c22cc743d1bc0d00dd621dda17ee9c46880c002ee1636c7131f55a66dcafa53f79fa7d68f63e6edfbef6507804e07bc791e1dced09b7d40c96ee21852b19932683fd4fef5622c6d06e7d71157bfb35a9d9c07811f3ad3543118dd16612766c6b9ca7189a6b34f29754505683317c62503f9fa3590d6e23304e117dec9dfe51ff9c6c84ebbc652c29ab754e5c0d64e7603fcab33b5bc678a31d2b0981b7b3f9dcd2aaaef58fd8d5fc2fef4cb9eb75fd485176ed37196ad4100f905b85d9cf6d95b84eb6b3896a6322e0195de578f099b22defe7ce291fdc097d6a3ec29ebb00a8bd915c67b790de9871562b3988d99edbb7096d466a9dfcc8b1fe9eca8fa30c8e3e489022e9507c959ade447fb615f1b6868b46d28f5bba76d9872e033ea0b2f2d8d3b95bee1ceb09e8bff44f7ed9bb5ad7dfc908bc795bff1ae132a9298fde5097aec6c61c77a4e47c74feae081eaba617b6f7002c7411908fbf9cfd05cca2843b7ba9da81f3a4d91b67740905c1340e75ad5323f5e02a086a9e8a4f2c7b31a1e11831cb157ed0ef2d8cbced16ec2d0e4db4db8110a1266655df05a1a84361bb2bd57adcc666625e5b41d5cf508720f4ee814c49c6b0e27998be25f48bd706f15b6aab28e7a198c177c03749c3fb484db32199a6715c3e3920fe8ce9574d67e80f151efbcf0622bfb5161606ff942082999c7abfb7014463d1fe0f2d5354dc629dbdf8efb16a971e2e6cbe1b1a20c44a0adb1c12dc8e5f90cee54b128cad85b7b8e5ead777f7504d19e81f367392df4dae97b968427a28f4e133139ebbbd1d0438247d41ab45f7e00b43a13edcfe5cda3cd389a09e2d09f9b102a431450c716ed3def9c9bc3974eff3ad9ab4eba2132b913baa8a3eee65d6ce75ce51b8aa00ae08f2154a6164bfe8ffbb178f2fa843c382be053a82e98a66dd4f12e706a913b00b9ca431a4d77195e4c6f4819ddeed3a7ca3e66d8afcaa73ec2da7e846bcf2bc9c071bb87eb84737caef415770ee274590fec3b9970ad1e7d2f4add44715fbe5ba370c550b9e85e9af6f5a994d3fada7b2c35079c148aa3febbf97ceb9f970f32d479209978dfe73531db7fba3509d2ed88af4125a867ba6ae8af198ea87b57d98c08fa67c3fb040a92bcac402255fb3a6a0b413f75301cdb758aabef2743b9ddf0bfe71f821129a4a0d6d9c785a98d50ea66ae7dfa80ea9dfa90d31e1e88c9b22cdf673f01ac3a4d7f6815b4736c2f7fa19b1882576b04e7621b0d8549e95ebfe4b9699a729f74d95c3c54c2a7405d78dd1fbd2c3bd63d9ca3164401f0ef8db72498421b226ce07dadbfd1b06b2502a66039cd0a5b567015581c3fa4d3f6328b6257e68612ed5c5db6037aca97acb676af02a1198a8c0b2d5543f6ed2a28f095dc2c9d93867faff748fe2c3c07423489a95b91df73205dbc9b41103ddaffad97c2ca017e023a70681c08ee755daed5f74799158ba7a069732791142d3a942f89884b3dcb3f347f266e5d4b59433d5689e31660102ba78d13e351522126a0d6fc8c49b831a1913b6e3ce5eaa5213f6d4395acab6733d85e4985a3ac0f154bc369207961c5276c63d159dc52751a63297773fdfd20150aa918923080e09cced7bdde4f1288075c3ca379658246b33ec4383b8b3d913cf1dd981a862810a48793dfb0b13a718bb9e6e1d6b6f413f7ce835aefce9234ebc207f097f0d42277821230960cd580a1aa45baeef35af9c616bf56360b0bc56c604a43ba9b1ef57a928d35a803a8c755791bf6dece46f16166612c763fc4cc2c3cdd84e8777e86cd4252fe43ec65df569c7eaa2be36aee1caea767d639a2a138a97933329a8d4a448968a669031101001b1d08773d08231faeed2f65c3d4ae685db1ae714b91bca8f188fa0ab87719f88a3284198ce6361c011c033193e5dccc458fe757b9c18a4c306231ccb64614371b0d8014f55dd118e8295c18719f1a2cd1c74c80635b0af0723cb5706e55b11b29154bd54e70b336880931b92f8e87c81437b22e2544a98a6d0cc4e8229acfa266a67e7ee45dadba21d87e466f3f25026647d182a9d512acc170b02a56fda3e1260f8768bdb5479e96f1b3cbae9f2cfbb691b7c5fc78a4e314d6a40faf957e64e13996800f6db645c81b6a45652fd4ad9315bf1d22d037d0ef1d85b4b84ae7391caa8b34ba27e9bbcfe8b32810e6c135d6a1c6c65b883ee44f2a09cfccbfb58e95072f46ad6514f6fb0017a91a1c9b8d1b38725c6e1a324c0034c94c03576b2e18450aac9d77a90eed7b22559c97ea4a5636ddd529cab125c998dedd3311f8073cadabe0462f2f292237b9dad241edb4909e2521392288753861b197463cce5eac0835a9cbcc9e38470c1fdbe07e8158a84cf89d376fa7541d84858b716120190382749808ca75e8f7a0a2718389de97f0a02c221af362f98d9b08e7a8246681663791ade52eef85d638f4be277712be8a3ea1b7e9ae42166644d002de369689285a0b2d48433bd3b75d022f4d30d2703289442cb810023dd9a7cc2b7fd6ab9e8484ec661136c7f6644a0d4456ed36b9311d428c18dc9f6bcdf07ec00d91987b8b8190ca11555e5593a56014cb922c15d8d8b1ba55a2dfb78420b81b41d17214a9021730a36f8b98ad2cbaf910cf83980b9d2d721b2434eb51dbcf0ecb7bee76b90052b13007d76fdd316f188fd44aa1806fe0367d9073b891c8a0bcebd35208d1a90562296c32375267d7757bf4a51c005"], 0xb5e) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f00000002c0)={0x9, 0x0, 0x40}) sched_setscheduler(0x0, 0x5, 0x0) mq_timedreceive(r1, &(0x7f0000001d00)=""/4096, 0x1000, 0x1000, &(0x7f00000000c0)={0x77359400}) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x24) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001000000770000f200000000a6ff17b91c3b0d873722b41a1100008f2cd6cc62e13f10a5f31a26f4233e3ba1ff40e062a43f80b1baf272a416e63e58afdf284732bd1e1970000000009f313c4957c67a08676517ba1300000000858003ffffffffffffffff3e26b5ca26b5434dbd533925db8b54b33da7b9c7aefca1f9c49c6400000000000000000000000061e2448f23a7e40000000000d5c33d3cc0b2eeedde5233ac82d4f7de00c26cb542f13b5bc18adcfb59dfb5edff90d0a500a0fafa7af4fea59c878c765f6a084b83a0c37596366d369187f4440000"], 0x18}}], 0x1, 0x4048000) recvmmsg(r2, &(0x7f00000071c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x1e0002, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f0000000140)=ANY=[@ANYBLOB="1f0000000000000000000060050001000000e7fc4b0900000000000000b787"]) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)={0x1, 0x2, [{0x38d}]}) 04:51:07 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000040)={[{0x10001, 0xd847, 0x0, 0x3a28, 0x3, 0x80, 0xeb06, 0x1, 0x7, 0x7, 0x1, 0x101, 0x5}, {0x2, 0xbbed, 0x580, 0xfff, 0x100, 0x7, 0xfffffffffffffffa, 0x0, 0x400, 0x9, 0x5, 0x6, 0x2}, {0x35ebe5f5, 0xffffffffffffff80, 0x4, 0x2, 0xbf4, 0x0, 0x4, 0x81, 0x3, 0x4, 0x9, 0x4, 0x8}], 0x964}) sendfile(r1, r1, &(0x7f0000000100)=0x4c000ffc, 0x2411) 04:51:07 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, &(0x7f0000000180)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @rand_addr=0x3fb9}, @ib={0x1b, 0x4, 0x100, {"cbb9ea219110fe91622cc87d478a8a81"}, 0x9, 0x8, 0x81}}}, 0x118) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) execve(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)=[&(0x7f00000000c0)=']lonodev)\'%\x00', &(0x7f0000000100)='/,\x00'], &(0x7f00000003c0)=[&(0x7f0000000300)='/dev/dri/card#\x00', &(0x7f0000000340)='GPLproc\x00', &(0x7f0000000380)='@{security&[bdev\x00']) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$EVIOCSCLOCKID(r4, 0x400445a0, &(0x7f0000000040)=0x101) r5 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) 04:51:07 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:07 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x0, 0x2}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x88, 0x40) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000300)='/dev/uinput\x00', 0x802, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xffffffffffffffdc) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={r6, @in={{0x2, 0x4e20, @remote}}, 0x8, 0x5, 0x88, 0x906f}, &(0x7f00000000c0)=0x98) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000100)={r7, 0x7fff}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x7, &(0x7f0000000140)=0x7, 0x4) ioctl$sock_ifreq(r8, 0x8992, &(0x7f0000000240)={'bond0\x00\xe1\x03\f\x00!!\x00\x01\x00\x01', @ifru_names='bond_slave_1\x00\x00\x00\b'}) r9 = accept(0xffffffffffffffff, &(0x7f00000001c0)=@l2, &(0x7f0000000280)=0x80) bind$vsock_stream(r9, &(0x7f00000002c0)={0x28, 0x0, 0x2711, @reserved}, 0x10) 04:51:07 executing program 5: r0 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f00000008c0)='./file0\x00', 0x0, 0x0) r5 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r6 = syz_open_dev$sndseq(&(0x7f0000000640)='/dev/snd/seq\x00', 0x0, 0x6) r7 = dup2(r6, r5) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00', 0x1f}) write$sndseq(r5, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r4) listen(r0, 0xffeffffefffffffb) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @random="192bce5e2dfb", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000580)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x20, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0x1}]}}}}}}}}, 0x0) [ 743.543582] SELinux: ebitmap: truncated map 04:51:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d30000005f3f000000000000000000"], 0x38) [ 743.582090] SELinux: failed to load policy 04:51:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)={0x80, 0x0, 0x20000000000000}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f00000000c0)=0x6) r1 = memfd_create(&(0x7f0000000080)='#e\xa7x\xc3\x17DQx\x88\xca94\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[], 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r5 = dup2(r1, r0) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) [ 743.705841] SELinux: ebitmap: truncated map [ 743.755205] SELinux: failed to load policy 04:51:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d40000005f3f000000000000000000"], 0x38) 04:51:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xff, 0x104800) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f00000000c0)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4030ae7b, &(0x7f00000001c0)={0x79}) [ 743.813058] syz-executor.5 (19462) used greatest stack depth: 21152 bytes left [ 743.827202] protocol 88fb is buggy, dev hsr_slave_0 [ 743.832362] protocol 88fb is buggy, dev hsr_slave_1 04:51:08 executing program 3: r0 = memfd_create(&(0x7f0000000200)='vmnet1nodev[user,em1/-\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000080), &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc) capset(&(0x7f0000000000)={0x24020019980330, r1}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x672}) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) [ 744.001268] SELinux: ebitmap: truncated map [ 744.006646] SELinux: failed to load policy [ 744.022627] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 744.036742] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 744.089084] CPU: 0 PID: 19480 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 744.096093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.105462] Call Trace: [ 744.108069] dump_stack+0x172/0x1f0 [ 744.111718] dump_header+0x15e/0xa55 [ 744.115459] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 744.120580] ? ___ratelimit+0x60/0x595 [ 744.124472] ? do_raw_spin_unlock+0x57/0x270 [ 744.128876] oom_kill_process.cold+0x10/0x6ef [ 744.133364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 744.138888] ? task_will_free_mem+0x139/0x6e0 [ 744.143491] ? find_held_lock+0x35/0x130 [ 744.147543] out_of_memory+0x936/0x12d0 [ 744.151509] ? lock_downgrade+0x810/0x810 [ 744.155659] ? oom_killer_disable+0x280/0x280 [ 744.160157] ? find_held_lock+0x35/0x130 [ 744.164218] mem_cgroup_out_of_memory+0x1d2/0x240 [ 744.169050] ? memcg_event_wake+0x230/0x230 [ 744.173365] ? do_raw_spin_unlock+0x57/0x270 [ 744.177774] ? _raw_spin_unlock+0x2d/0x50 [ 744.181924] try_charge+0xef7/0x1480 [ 744.185645] ? find_held_lock+0x35/0x130 [ 744.189712] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 744.194544] ? get_mem_cgroup_from_mm+0x139/0x320 [ 744.199378] ? find_held_lock+0x35/0x130 [ 744.203432] ? get_mem_cgroup_from_mm+0x139/0x320 [ 744.208291] memcg_kmem_charge_memcg+0x7c/0x130 [ 744.212951] ? memcg_kmem_put_cache+0xb0/0xb0 [ 744.217445] ? get_mem_cgroup_from_mm+0x156/0x320 [ 744.222283] memcg_kmem_charge+0x136/0x370 [ 744.226518] __alloc_pages_nodemask+0x3c3/0x750 [ 744.231179] ? __alloc_pages_slowpath+0x2870/0x2870 [ 744.236196] ? lockdep_hardirqs_on+0x415/0x5d0 [ 744.240766] ? trace_hardirqs_on+0x67/0x220 [ 744.245076] ? kasan_check_read+0x11/0x20 [ 744.249218] copy_process.part.0+0x3e0/0x7a30 [ 744.253707] ? mark_held_locks+0x100/0x100 [ 744.257941] ? __might_fault+0x12b/0x1e0 [ 744.257967] ? __cleanup_sighand+0x70/0x70 [ 744.257984] ? lock_downgrade+0x810/0x810 [ 744.258008] _do_fork+0x257/0xfd0 [ 744.266377] ? fork_idle+0x1d0/0x1d0 [ 744.278380] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 744.283127] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 744.287872] ? do_syscall_64+0x26/0x620 [ 744.291840] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 744.297193] ? do_syscall_64+0x26/0x620 [ 744.301159] __x64_sys_clone+0xbf/0x150 [ 744.305126] do_syscall_64+0xfd/0x620 [ 744.308920] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 744.314097] RIP: 0033:0x459a09 [ 744.317309] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 744.336201] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 744.344424] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 744.351692] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 744.358948] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 744.366559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 744.373825] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 744.395258] Task in /syz0 killed as a result of limit of /syz0 [ 744.412383] memory: usage 307128kB, limit 307200kB, failcnt 4108 [ 744.418805] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 744.425719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x400000, 0x0) 04:51:08 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:08 executing program 3: capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:08 executing program 4: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xfffffffffffffffb, 0x20000) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000040)) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) ioctl$TIOCMBIC(r1, 0x5417, &(0x7f00000000c0)) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000100)=""/201) r2 = dup2(r0, r1) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r2, 0x110, 0x3) socket$bt_rfcomm(0x1f, 0x1, 0x3) r3 = add_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000280)='user\x00', &(0x7f00000002c0)='.,\x00') r4 = dup(r1) openat$cgroup_procs(r4, &(0x7f0000000300)='cgroup.procs\x00', 0x2, 0x0) r5 = fcntl$dupfd(r4, 0x406, 0xffffffffffffffff) ioctl$PPPIOCGFLAGS1(r5, 0x8004745a, &(0x7f0000000340)) ioctl$PPPIOCDISCONN(r2, 0x7439) r6 = syz_open_dev$cec(&(0x7f0000000380)='/dev/cec#\x00', 0x0, 0x2) write$P9_RXATTRWALK(r6, &(0x7f00000003c0)={0xf, 0x1f, 0x1, 0x80}, 0xf) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) futex(&(0x7f0000000400), 0x82, 0x0, &(0x7f0000000480)={r7, r8+10000000}, &(0x7f00000004c0), 0x1) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000500)) r9 = syz_open_dev$mouse(&(0x7f0000000540)='/dev/input/mouse#\x00', 0xffffffff, 0x400800) r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200040}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x34, r10, 0x300, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x7, 0x7f9e, @l2={'eth', 0x3a, 'lapb0\x00'}}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000) prctl$PR_SET_FPEXC(0xc, 0x1e0000) r11 = syz_open_dev$sndpcmc(&(0x7f00000006c0)='/dev/snd/pcmC#D#c\x00', 0x1ff, 0x0) r12 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r11, 0x89e2, &(0x7f0000000700)={r12}) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000740)=@gcm_256={{0x303}, "24113f96dabf158a", "f1bf7d91270237b01a10f5bb90a3fa9c81c4617597e617f1a51e21b232cc5155", "ab41da91", "c24bd5d91a754a43"}, 0x38) ioctl$INOTIFY_IOC_SETNEXTWD(r5, 0x40044900, 0x7ff) r13 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000780)='/dev/vga_arbiter\x00', 0x41f9c2477a19d75c, 0x0) r14 = gettid() lstat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r13, 0xc0286405, &(0x7f0000000880)={0x6, 0x1f, r14, 0x0, r15, 0x0, 0x6, 0x8}) 04:51:08 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0xf, 0x4, 0x4, 0x400, 0x0, 0x1}, 0xf) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x80000, 0x0) ioctl$TIOCCBRK(r1, 0x5428) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000000c0)={'syz0', "52f9acb91b3b163b9b9b5cbece9ed72f537d9c5d63714299c054c4e43acca517beef4762135da1732fee0f74c5236d14c37940a81ea06a746c401afb9a81"}, 0x42) accept4$x25(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x80000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000200)={0xfe7d}) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ashmem\x00', 0x3bafc829160e5d1b, 0x0) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x3f, 0x12200) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$RTC_WIE_ON(r4, 0x700f) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000240)={0x7, 0x0, 0x6, 0xd249, 0x6, 0x9379}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000140)={0x7, 0x1291}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000100), &(0x7f0000000180)=""/91}, 0x18) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0xcc, 0xfffffffffffffffe, 0x0) [ 744.433063] Memory cgroup stats for /syz0: cache:0KB rss:232144KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232280KB inactive_file:0KB active_file:4KB unevictable:0KB [ 744.467348] Memory cgroup out of memory: Kill process 10662 (syz-executor.0) score 1113 or sacrifice child 04:51:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) io_setup(0x1ff, &(0x7f0000000040)=0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) io_pgetevents(r2, 0x5, 0x4, &(0x7f0000000080)=[{}, {}, {}, {}], &(0x7f0000000180)={r3, r4+30000000}, &(0x7f0000000200)={&(0x7f00000001c0)={0x7}, 0x8}) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 744.515699] Killed process 10662 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:09 executing program 5: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00000000c0)=0x3f36533f, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 04:51:09 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d50000005f3f000000000000000000"], 0x38) 04:51:09 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8040fffffffd) 04:51:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f0000000080)={0x7, "d68f2f7d590c0107e9c9bf542bb98f80585a9c0dff901b5c2aa071ee16660da7"}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r2 = socket(0x40000000015, 0x5, 0x0) getsockopt(r2, 0x1, 0x8, &(0x7f0000af0fe7)=""/13, &(0x7f00000000c0)=0xffffffffffffff2a) 04:51:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4309, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc000f0, 0x0, 0x0, 0x0, 0x2000000000002) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000000)) 04:51:09 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000000)={0x24020019980330, r0}, &(0x7f0000000040)={0x0, 0x1, 0x400000}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x3, 0x80000) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:51:09 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000040)={0x0, 0x100000, 0xffff, &(0x7f0000000000)=0x2}) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) mq_timedreceive(r4, &(0x7f0000000140)=""/4096, 0x1000, 0xffffffffffff5ea1, &(0x7f0000001140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r5, &(0x7f0000000040), 0x3a3728, 0x0, 0x0, 0xffffffffffffffbf) 04:51:09 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8040fffffffd) [ 744.905048] SELinux: ebitmap: truncated map [ 744.932720] SELinux: failed to load policy 04:51:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000280)='cpuset.effective_cpus\x00', 0x0, 0x0) write$FUSE_LSEEK(r4, &(0x7f00000002c0)={0x18, 0x0, 0x6, {0x4}}, 0x18) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0101000000000008000001000000140001000800080042ca2b0a0800050000000000"], 0x28}}, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$SIOCRSSCAUSE(0xffffffffffffffff, 0x89e1, &(0x7f00000000c0)=0x2) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0xfffffffffffffffa, 0x280) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) getsockopt$inet_sctp_SCTP_NODELAY(r8, 0x84, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000140)={r9, @in6={{0xa, 0x4e24, 0x1f, @ipv4={[], [], @empty}, 0x1c1}}}, 0x84) 04:51:09 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d60000005f3f000000000000000000"], 0x38) 04:51:09 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8040fffffffd) 04:51:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f00000000c0)='\xd4\xb5\xe1\x9eO\v!\x17\x00', 0x5, 0x292001) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=0x0) ptrace$setopts(0x36c2132ae58a4544, r2, 0x7, 0x8) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$CAPI_GET_SERIAL(r4, 0xc0044308, &(0x7f0000000100)=0x800) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}}}, &(0x7f00000001c0)=0xe8) stat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$bpf(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x800000, &(0x7f0000000480)={[{@mode={'mode', 0x3d, 0x7ff}}, {@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x7f}}], [{@subj_type={'subj_type', 0x3d, '\'GPL'}}, {@fowner_gt={'fowner>', r7}}, {@fowner_eq={'fowner', 0x3d, r8}}, {@appraise='appraise'}, {@seclabel='seclabel'}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@obj_type={'obj_type', 0x3d, '\xd4\xb5\xe1\x9eO\v!\x17\x00'}}]}) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000200)={0x8070, 0x3, 0xfffffffffffffffe, 'queue0\x00', 0x8001}) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x475d0d4722f7d56, 0x10, r1, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x20011, r1, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f00000002c0)=ANY=[]) [ 745.238357] SELinux: ebitmap: truncated map 04:51:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4008ae93, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x3ff, @remote}, @in={0x2, 0x4e23, @local}], 0xfffffffffffffd47) 04:51:09 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:09 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d70000005f3f000000000000000000"], 0x38) [ 745.313945] SELinux: failed to load policy 04:51:09 executing program 1: shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000080)=""/213) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000200)='!\x00') ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f00000001c0)={'lo\x00', {0x2, 0x4e24, @multicast2}}) syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0xe3af, 0x2) ioctl$SG_GET_NUM_WAITING(r6, 0x227d, &(0x7f0000000040)) [ 745.524348] SELinux: ebitmap: truncated map 04:51:09 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$P9_RREMOVE(r1, &(0x7f0000000180)={0x6e785e3d1cb434ee}, 0x14df) r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x20001) ioctl$TCGETS(r2, 0x5401, &(0x7f0000000080)) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r1, 0x0, 0x4000000000000}) [ 745.563207] SELinux: failed to load policy [ 745.671604] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 745.772078] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 745.811125] CPU: 1 PID: 19573 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 745.818117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.827490] Call Trace: [ 745.830088] dump_stack+0x172/0x1f0 [ 745.833727] dump_header+0x15e/0xa55 [ 745.837542] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 745.842664] ? ___ratelimit+0x60/0x595 [ 745.846568] ? do_raw_spin_unlock+0x57/0x270 [ 745.850994] oom_kill_process.cold+0x10/0x6ef [ 745.855505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 745.861052] ? task_will_free_mem+0x139/0x6e0 [ 745.865555] ? find_held_lock+0x35/0x130 [ 745.869632] out_of_memory+0x936/0x12d0 [ 745.873612] ? lock_downgrade+0x810/0x810 [ 745.877769] ? oom_killer_disable+0x280/0x280 [ 745.882268] ? find_held_lock+0x35/0x130 [ 745.886481] mem_cgroup_out_of_memory+0x1d2/0x240 [ 745.891336] ? memcg_event_wake+0x230/0x230 [ 745.895671] ? do_raw_spin_unlock+0x57/0x270 [ 745.900174] ? _raw_spin_unlock+0x2d/0x50 [ 745.904334] try_charge+0xef7/0x1480 [ 745.908057] ? find_held_lock+0x35/0x130 [ 745.912131] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 745.916979] ? get_mem_cgroup_from_mm+0x139/0x320 [ 745.921828] ? find_held_lock+0x35/0x130 [ 745.925899] ? get_mem_cgroup_from_mm+0x139/0x320 [ 745.930764] memcg_kmem_charge_memcg+0x7c/0x130 [ 745.935436] ? memcg_kmem_put_cache+0xb0/0xb0 [ 745.939949] ? get_mem_cgroup_from_mm+0x156/0x320 [ 745.944796] memcg_kmem_charge+0x136/0x370 [ 745.949028] __alloc_pages_nodemask+0x3c3/0x750 [ 745.949044] ? __alloc_pages_slowpath+0x2870/0x2870 [ 745.949061] ? lockdep_hardirqs_on+0x415/0x5d0 [ 745.949076] ? trace_hardirqs_on+0x67/0x220 [ 745.949087] ? kasan_check_read+0x11/0x20 [ 745.949104] copy_process.part.0+0x3e0/0x7a30 [ 745.949122] ? mark_held_locks+0x100/0x100 [ 745.949145] ? __might_fault+0x12b/0x1e0 [ 745.949164] ? __cleanup_sighand+0x70/0x70 [ 745.949177] ? lock_downgrade+0x810/0x810 [ 745.949200] _do_fork+0x257/0xfd0 [ 745.996531] ? fork_idle+0x1d0/0x1d0 [ 746.000238] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 746.005009] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 746.009770] ? do_syscall_64+0x26/0x620 [ 746.014076] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.019463] ? do_syscall_64+0x26/0x620 [ 746.023528] __x64_sys_clone+0xbf/0x150 [ 746.027505] do_syscall_64+0xfd/0x620 [ 746.031663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.036840] RIP: 0033:0x459a09 [ 746.040038] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 746.058937] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 746.066651] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 746.073908] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 746.081167] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 746.088430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 746.096309] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 746.112800] Task in /syz0 killed as a result of limit of /syz0 [ 746.128772] memory: usage 307192kB, limit 307200kB, failcnt 4136 [ 746.135303] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 746.142518] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 746.149184] Memory cgroup stats for /syz0: cache:0KB rss:232248KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232276KB inactive_file:0KB active_file:0KB unevictable:0KB [ 746.170865] Memory cgroup out of memory: Kill process 10706 (syz-executor.0) score 1113 or sacrifice child [ 746.180808] Killed process 10706 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 746.193288] oom_reaper: reaped process 10706 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 746.196860] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 746.219178] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 746.225215] CPU: 0 PID: 19569 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 746.232138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.241490] Call Trace: [ 746.244071] dump_stack+0x172/0x1f0 [ 746.247705] dump_header+0x15e/0xa55 [ 746.251405] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 746.256496] ? ___ratelimit+0x60/0x595 [ 746.260369] ? do_raw_spin_unlock+0x57/0x270 [ 746.264780] oom_kill_process.cold+0x10/0x6ef [ 746.269291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.274849] ? task_will_free_mem+0x139/0x6e0 [ 746.279347] out_of_memory+0x936/0x12d0 [ 746.283314] ? oom_killer_disable+0x280/0x280 [ 746.287806] ? find_held_lock+0x35/0x130 [ 746.291863] mem_cgroup_out_of_memory+0x1d2/0x240 [ 746.296693] ? memcg_event_wake+0x230/0x230 [ 746.301005] ? do_raw_spin_unlock+0x57/0x270 [ 746.305406] ? _raw_spin_unlock+0x2d/0x50 [ 746.309539] try_charge+0xc4e/0x1480 [ 746.313246] ? find_held_lock+0x35/0x130 [ 746.317305] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 746.322132] ? get_mem_cgroup_from_mm+0x139/0x320 [ 746.326971] ? find_held_lock+0x35/0x130 [ 746.331191] ? get_mem_cgroup_from_mm+0x139/0x320 [ 746.336038] memcg_kmem_charge_memcg+0x7c/0x130 [ 746.340704] ? memcg_kmem_put_cache+0xb0/0xb0 [ 746.345193] ? get_mem_cgroup_from_mm+0x156/0x320 [ 746.350037] memcg_kmem_charge+0x136/0x370 [ 746.354261] __alloc_pages_nodemask+0x3c3/0x750 [ 746.358930] ? __alloc_pages_slowpath+0x2870/0x2870 [ 746.363944] ? lockdep_hardirqs_on+0x415/0x5d0 [ 746.368636] ? trace_hardirqs_on+0x67/0x220 [ 746.372959] ? kasan_check_read+0x11/0x20 [ 746.377111] copy_process.part.0+0x3e0/0x7a30 [ 746.381605] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 746.386698] ? delayacct_end+0x5c/0x100 [ 746.390666] ? __delayacct_freepages_end+0xe0/0x140 [ 746.395688] ? __lock_acquire+0x6ee/0x49c0 [ 746.399931] ? __cleanup_sighand+0x70/0x70 [ 746.404154] ? mark_held_locks+0x100/0x100 [ 746.408383] _do_fork+0x257/0xfd0 [ 746.411858] ? fork_idle+0x1d0/0x1d0 [ 746.415671] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 746.421552] ? kasan_check_read+0x11/0x20 [ 746.425692] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 746.430435] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 746.435262] ? do_syscall_64+0x26/0x620 [ 746.439223] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.444584] ? do_syscall_64+0x26/0x620 [ 746.448567] __x64_sys_clone+0xbf/0x150 [ 746.452553] do_syscall_64+0xfd/0x620 [ 746.456340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.461511] RIP: 0033:0x45c3d9 [ 746.464690] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 746.483576] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 746.491273] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 746.498548] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 746.505828] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 746.514060] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 746.521322] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 746.529995] Task in /syz0 killed as a result of limit of /syz0 [ 746.536017] memory: usage 304828kB, limit 307200kB, failcnt 4136 [ 746.542243] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 746.549341] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 746.555480] Memory cgroup stats for /syz0: cache:0KB rss:230228KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 746.576283] Memory cgroup out of memory: Kill process 11798 (syz-executor.0) score 1113 or sacrifice child [ 746.586214] Killed process 11798 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:12 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, &(0x7f00000001c0)) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000200)) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000180)=0x8, 0x4) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000000)={0x80000000, 0x4, 0x8000, 0x7d, 0x20, 0x81, 0x20, 0x7, 0x0}, &(0x7f0000000040)=0xffffffffffffff58) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000080)={r4, @in={{0x2, 0x4e20, @multicast2}}, 0x39, 0x7, 0x9, 0x2, 0x4}, &(0x7f0000000140)=0x98) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r6, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b3a7297d", @ANYRES16=r7, @ANYBLOB="000329bd7000fbdbdf25010000000000000009410000004c00180000423075647000"/98], 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) rt_sigprocmask(0x2, &(0x7f0000000340), 0x0, 0x8) 04:51:12 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:12 executing program 1: setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="00fbb40702870135b2af2ad52b3dc9a67227353e9181fe238645503bd43363749af265891268d64f7627a40dcc40664f2932c4aaf7980b8d6c427178dc5eaddaa5aeb78f82efac56bba1990f7c429867ecc8331da8c520be0c8ec6f4b78980ebd225b410855c54409b5719e4a5c78c7f7b5e667082994dd6e8aec7a96ecaaf351fcecdbcadb2101a4476923bcc3ae50e63491ca867fa2706c0eb3f8afc1de8d35335c85a20dcb4611a2ad873eed09eb0a3057a0e"], 0xb4, 0x2) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000140)={0x0, 0x0, 0x1f, 0x0, 0x6, 0xfffffffffffffffd, 0x6183}, 0xffffffffffffff04) 04:51:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/x\x00', 0x4b0402, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x3) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f00000000c0)) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000080)={0x97eb, 0x6, 0x800, 0x4, 0xf, 0x5, 0x0, 0xffff, 0x4, 0x40}) ioctl$FIONREAD(r0, 0x80047437, &(0x7f0000000100)) 04:51:12 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=0x0) capset(&(0x7f0000000000)={0x24020019980330, r2}, &(0x7f0000000140)={0x400000, 0x401, 0x1f, 0x0, 0x1f}) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f0000000080)={0x400}, 0x1) r6 = dup2(r3, r3) r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0xc0001, 0x0) ioctl$RTC_RD_TIME(r7, 0x80247009, &(0x7f0000000100)) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) 04:51:12 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d80000005f3f000000000000000000"], 0x38) 04:51:12 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x0, 0x400000) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@broadcast, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000040)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@remote}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e24, 0x76, 0x4e22, 0xffff, 0xa, 0x0, 0x0, 0xe8, r3, r4}, {0x8, 0x100, 0x1ff, 0x7, 0x412, 0x3, 0x0, 0x4}, {0x7, 0x0, 0x9, 0x4}, 0x5, 0x0, 0x3, 0x1, 0x0, 0x2}, {{@in6=@loopback, 0x4d4, 0x6c}, 0xa, @in6=@remote, 0x3507, 0x2, 0x1, 0x400, 0x9, 0x1, 0x7}}, 0xe8) r5 = dup(r0) setsockopt$inet_int(r5, 0x0, 0x32, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) [ 747.988951] SELinux: ebitmap: truncated map [ 747.993587] SELinux: failed to load policy 04:51:12 executing program 4: r0 = socket(0x10, 0x802, 0x0) r1 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x6, 0x181000) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video37\x00', 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008915, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='s.eventa\x00\x00\x00\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x21, 0x0, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x87, &(0x7f0000000140)=""/135, 0x41000, 0x6, [], 0x0, 0x12, r5, 0x8, &(0x7f0000000200)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x8, 0x6, 0x8000}, 0x10}, 0x70) write(r0, &(0x7f0000000080)="240000001a0001f00080000400ede80e0af6f92c7839010600f2ffcb0800190005ac0000", 0x24) 04:51:12 executing program 5: r0 = socket(0x10, 0x3, 0xc) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) write(r0, &(0x7f00000001c0)="1f00000001041500000854c007110000f305010008000100010423dcffdf00a9e3c4c5dae184518f8886f48fe480a26cf2fecad347fcb1993c2e74568eb4e28b3db219851a289e89507caeca14d4ee304173155b084b8a5d98f2aa9eb6cc713974180d4bc0d1c3c3441f64bae63f8173dcbd212bd191d1a0adf56f5d3260af80c1dada65cbe7085048e7d894729eaf3b34b8096284fe4e56ae6a16e20e2c7697175537cec35e9e155f05b4616387355dffab17b6183f80623b3f00691044698530a00aa1f1e69ac7a2b882e750847732255f2217e5c27d42010e28b965f9a49266a92478095959b4abd4f7bd18d4c4e154c8a244812843d7ad2e7b5337334cfd08a7ad3e508108160474de1045d99d55436c71911010139cfd39270aad467a20649ff4267e4e2c1ef681", 0xc5) write(r0, &(0x7f00000000c0)="1f0000000104ff40003b54c007110000f30501000b000200007afbdf0664fa", 0x1f) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f0000000100)={0xe, "92c31558c67ef90ff9c60a813d1e3d8b6ada3d503f4f097623740bae88daac949f247d11a42a1b2039d0081bb9483201c3a7b67fcecc8770fc5999a32cfa399f9e6a998adceaf280276be5f5b1a932f553bbb44a7ca656d90396e97405f239cd6a6b717ff8616813ef254252a70c44c663f934f44318371baef15d61c8c320c0"}) 04:51:12 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r1, &(0x7f0000000240)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x200096dc) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:51:12 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500d90000005f3f000000000000000000"], 0x38) [ 748.147617] net_ratelimit: 13 callbacks suppressed [ 748.147643] protocol 88fb is buggy, dev hsr_slave_0 [ 748.159204] protocol 88fb is buggy, dev hsr_slave_1 [ 748.164925] protocol 88fb is buggy, dev hsr_slave_0 [ 748.170474] protocol 88fb is buggy, dev hsr_slave_1 04:51:12 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:12 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = openat$dsp(0xffffffffffffff9c, 0xffffffffffffffff, 0xa0000, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) getsockname$ax25(r2, &(0x7f0000000000)={{0x3, @rose}, [@netrom, @rose, @netrom, @netrom, @remote, @remote, @bcast]}, &(0x7f0000000080)=0x48) setsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, 0x0) 04:51:12 executing program 5: semop(0x0, &(0x7f0000000040)=[{0x0, 0xfff, 0x1000}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x400, 0x0) ioctl$TCSETXW(r1, 0x5435, &(0x7f00000000c0)={0x1, 0x5, [0xffff, 0x7, 0x579, 0x100000e70f, 0x9], 0x9}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x1ce, 0x0, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000100)={0x6}, 0x8) r4 = getpid() ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)=r4) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:51:12 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500da0000005f3f000000000000000000"], 0x38) [ 748.383118] SELinux: ebitmap: truncated map [ 748.392618] SELinux: failed to load policy 04:51:12 executing program 4: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000000061150000000000089500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) [ 748.576991] SELinux: ebitmap: truncated map 04:51:13 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 748.632521] SELinux: failed to load policy 04:51:13 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500db0000005f3f000000000000000000"], 0x38) [ 748.787175] protocol 88fb is buggy, dev hsr_slave_0 [ 748.787212] protocol 88fb is buggy, dev hsr_slave_1 [ 748.792330] protocol 88fb is buggy, dev hsr_slave_1 [ 748.804972] SELinux: ebitmap: truncated map [ 748.810535] SELinux: failed to load policy [ 750.227191] protocol 88fb is buggy, dev hsr_slave_0 [ 750.232423] protocol 88fb is buggy, dev hsr_slave_1 [ 750.237555] protocol 88fb is buggy, dev hsr_slave_0 04:51:15 executing program 1: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bpq0\x00', 0x21}) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r0, &(0x7f0000000040)=""/46, 0x2e) getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d7, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$TCSETX(r4, 0x5433, &(0x7f0000000100)={0x3f, 0x8c, [0xe1, 0xc0, 0x100, 0x7, 0xcd0], 0x100000001}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0), 0x3b, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, 0x0, 0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sendmsg(r5, &(0x7f0000000480)={&(0x7f0000000400)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80, &(0x7f00000001c0)=[{&(0x7f00000006c0)="ceb723084c77373e9c0ab840028a112a3e075ef8ddc997c5a48fbcd68f854460df00b41c8d94c8500d9fbdf68e8840d4ee11786b7f7f44758cb948a432689b6c5d08fb06d3f8a50a34f32737a5dce8ec9d3058863d5b761db691f09c2103068ec19ffebcc347bb6e5d4311fd07ef2b42a70a33dc0cf4b4071ed5440e4b7be4411a13c3941c07a55a32f1c5759c3b13bcb7865b67111c360b4b5fc0860cac710b66360895d9abfbcbadf79c39b9bb66f5aa72ec652272ed4c4041bad821bb6e6949f15fe036fd5f96c017568f4f8d12e247bf49c21a4af9d01ac87f708eb6c4484e34fb1cfc01dd5cea94129ffa637de668a8fbfc5db63fc59e21abe0ef982333fe128178c26a0bf0d239cd5a50e462e1ce82d9b271fa6746174d236d1b974bbc243ce18e681ee904470f79ce39b403152204931e52e35c5309fbd18dd4f994576ea67409b999f3760350f561d78faa99ee0b0c2531dc44be76a03a9d8f95dfa82d8a3a4194700fcb9afd2cc50956c9b0155ed1da7dc6da0bf45a5b475336a7ed4f643b9125ae17152aa6cfa677941f95e33d68fc7488f3a2d3acf6c7f4c61cacc1f88e61822902937d07f347c8f3d9a9af7d3c52429ca44423d82d4b8ee01a8dac0afc8a255eda3e2d4417e4597e6aa43dcad95694ecf11479045558ec93f77528924b4028e397644ab77000dee1f9ec245adeb0e6cb7955408166e8a36eb3a47ad05a63d8cb84cc971be1964ff309bb2a6b5c588c0e22ef80169a3992479edae561b3780363c3964fb6aaef4287e0885476ab2d411d577612dc8a8d09ad17db453ba8c0aefb5b032494835818857685e95191b58c958badd881ebd2b02feb78501213599d681be0c82ee13c28a1c01eb08b83180b2b36b35b57d4bc4b4db6a8b1ca7a5f6f4517e8abb151ead0940b96ffc8cfba116924a3ce724b020f12007c9ede433bf41a932795fae39ba4ddb3badc1a7fccbdf846b9256ea3144bcf819b49ae39ff99fe0a028735d6343aba23c198dfe7087eda66f8137253625f3dc085b8005ef65e394623053e7af293004faefb84f95d5d5eeee3c40a3e7dad50ed5f232cf0b85ce196274dddba20a30a645e1667357dd5c618c50e51f40252be5c52ac8a4c9356eba5e306d6a6eac7a52ae59a2e23cec2fc34dd5fce2639a506d02fbc5092a82e1f7a420a257c85f18693808341380677edc1f925d07572f03bb875976bca541f97855ee6a6db3cb71210b9fb29c4855404af322eeb9cfcd4735ee45a911aec36f5307dc3d5260e714f63d9ad44e9cd42cb9820e37c3f25e465eb7a3c73d1895305e028f4c3d42391b9acef87ab03751738d809c8d09873318485e044175c133ccdc4e1b75133ad6a158097f91b88b6c6740afe5de37d296be2a77226d3700cb695ef919ee319caf67ed3a3c220fdd27e51db19d0fb056fb9b0ad11a789e67b8660f16beab752067087f99ddc5f7f33540026baff7a294900be97106913f15bdcaf05450a25364d80bc62991c86e0e07f47001ee75c2f937dbe1a5277e56f4bb159617e95cfce051b9ff3f58a9b007873a874bbc3710d20f3a52a0e50dea410d1fbba58150666c466faf6e3e1f4c356624286057581e06e8355edf51bafa2c7e8179bfee9d9dbde84b4fbb35b06bf5b098e6b425a4e632fbc882aa915560597c89ecfbdb566d458ab5aead5cbcd285e1edfb2b8a9e09684527c31fc019b04a1de3219a037a90cc015f1a2366bc82f673e73801f388b0e7ffa21be3162737af7fbdd5cb5b0aecd4dbd7678a63af58e8176db39be03eae528ddf7fb7282055cf2ed11787114b497aa4c6c6a8a2b2656a474cd1a16d98ecb9dd5f222434b165f19315f03adefd5af6303237f2fef501c703542a718b85d88958a41411a9a7a7c3e19c66b065c624fc294cd6c15d77143cdaaa03c2588d34c7c5508fe16217b535d5a0acfc1987e91b12a57044175865c79d7e9c1c8aa0908b883c24da36d2d87194208258ddc1b6ba713ad3b88243e7d64c41cf5facd0f1281e555e4b803eeaeee7a83d07667d7d354b54f08aeea4d5c7c858a98f48d2bd9c59363d08240952148f6a43e985f841c4d9762362d26c62058a58d65478cd3a5e13474d6fcc885b4665c6ef144f55e9a7fce5efb6b764b40bcc394fe4032f0d3b1b2a9f0b51a0c7ee28656032e81d80d77e189e6821d867b742ac51a4042ad27c82ed24caea1883a927138afd1680d3b36b3558a1b5ed4cd258e3b5d60916cff1a46aa95a503605dd30524d346fcd1287e145ee5033b974dfa8ff5e03b0262d1087241de149fbdedc92d9c0c27dcdbdabd034fa5db75a1aea85e80c5ce3bc1c7926fc2686d5567e13829dc2fcceee0568975e55c69294d0d076142260de90baee9652d00b36d938a2fbe269a8bc99c152d20d84a6e5404662296ef3f94e775f7c7fae05e598d8e5e2e783fe2adfbf4f040bf8a47b27704ec848a7daab31a3ff29fa3855852dcc88e0870408c4f2068b22a962f27320387e0bdf4c7b14b92588e5608f90710c27be3095b9351b3a706487e0c9d7fbc82436a9dc2380fac0e185d5ff41386e81e222759a7446551ea4e6e3dbad008b776d1ef7806f258e85d778c36587187ec8fd8cbc802ebf10e0e5ebabc90bf51cf9b91e1d3ae3fe2d730e2f906760fd0670997893a0b0867f5ef990c1e75ddcb0a3bf561619747b2e6b5a878afb02593f1f1d4bbe007612eb4a4eb25cab5eff257bd71d7177bd0f5e7297675e1cab600f6e4a68b27cecc49826f38ce43b6d243d725b06134cffb4b235e16186b361fee6ce9a861c12d65b0d7127926221ffe21d4dfe908351839088cb603ad73020c2eb5dfff1d2f8daf0a87ce85e7064ddf0d7c91592d5324663a595f32e9977f7ae82a20b1765b41c53d192366ad43a610a8f15e1ff76893f388dede81ccdbe2dd20bf52a48b604200d16e312a65f4c22b40adaf3e7acce70c8bf2259030a2b191cdd03d2b374ce7f7364d47f7f75a9453dcfe38d0958f5c002b23fee2106d6681746bdb1a736829b16d64b03d59db905d92eeee840bb4002649a9a217613bf0c18b6d927588d29946191bf3f0df2b053a40f1c5bef9491b65c1bf21a3056c754b95f5b71a44dd3b4e17f1b852f5893fafba3b8e32a01b1dae074be54041418595e7e295127a8ed1db2228fe38d41bbbdcfa640d9850c042f234ec99da0b95e4876b773cc12231114806f66c0d8c22585f765702ec067f72b3bcf4927d6f4c334e927b101b88ec79bff104f574600a6fc9e93c2f87d40c4a8159258e1b2ea72404693580bc4d70a876a083d3cec18c662a8f97c43f2915ddecb3ecae23ca097a1a7d1c753d47eb0d745cac5ad7bac6d2d8c3d0581ee82b139843c9a5d54eff549c649f791bd9f022adb4d32946611d0ae53df7af46b736a1395e7b7d0d9d4eee1645b01015deb2f8657833f811541b0cf979023e82ee8ec4f22f76928027379c8d26d0ca9187fc340d74d01edc5f962bc71b308799eef21d1e2647d3b2586b991017c3d2186dac2384a3f6e4f25eb61e50a022d8f67312d683c1d8d177e884404ecdeb39c978582171a7d8d7bfa5c084d7df29e814d89d02072f2f6de2ee57d958565bfe8e14d54bbb362c2c61c1251f7726b72c715058e7c4e2501b0de096295e36d3e490480172fb586c9eb43e4da546d9491f89f266aab00257878041c49995df6e96e16eb6c5e8738271952a18e887970e76a3916c5148cdbbdf446e3940bb03e382ce792af151b166305219f40ffc8ec2be71846de4aa8c9254f62244fa2ba48f9c3aa6fa3673a78fa6e3025f792fc3f5ef8be2c6bf84589dc328b305add9cab62d75ced586fb3f766e89dbbb8b798b5ea06021e3fd603072b32e49c5189f33f74afb0117a48a83d6852d8de9c82bfe0548ddcd6dd36c2e460d452d4f77aabe339761c90d59f09fb5c9b0a3eebe814093aa331294bee331c87bdd2b1b0c19cc96432cf114ec1af8e882626b2e069394e48d9ea9318352061b6c6ea246bb0659bbcaa70021330aece089ef299b7224c2446b35518bf3a6e8f246a94a23d510bd150b41ba04aeb0a76f6414a29a230fede25b9d60e16a82dc0600e1e25d667b03a72aff8f0a2b434dc32f3f4fdd032af7326a57dbc4ab4a7740825efa3df979320e7e0ce12de4842e5f611582896e89c268cfc65084e6e95f56b370ec7c79f74b39333677f03a1b30b2757dee86de70aa23d416a1e26ec9c4e54bbc892f58ef18057a7a514391b1335ab9144b54aa5597e23d0231a350020600e3237b7cff0edb0f", 0xbe0}], 0x1}, 0x20000014) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) syz_emit_ethernet(0xfffffffffffffec9, 0x0, 0x0) 04:51:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = gettid() perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x3) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYPTR64], 0xff39) ioctl$TUNSETFILTEREBPF(r0, 0x6609, 0x0) perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x58, 0xe5f, 0x8, 0x2, 0x0, 0x3, 0x0, 0x2, 0x3, 0x4, 0xe4, 0x0, 0x4f15, 0x100000002, 0x0, 0x8, 0x5, 0x0, 0x3, 0x1, 0xffff, 0x8, 0x0, 0x2, 0x1f, 0x0, 0x2, 0x5, 0x200, 0x9, 0x0, 0x2, 0x0, 0x9, 0xffffffffffffff00, 0x5, 0x0, 0xf863, 0x2, @perf_bp={0x0}, 0x10, 0x8, 0xffffffff, 0x7, 0x0, 0x1a7, 0x1}, r1, 0x0, r0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x0, 0x61, 0xda, &(0x7f0000000000)="13b6771619ef38a85f23c47b499137084cf760a5f47e647e86581d91b770bc9e6dd801cb2cc2addf370027d29339382a32c0a4e997f1ef0c61bb01ee452b820f064e123d1c40a759e3a478ebd2761c64d14cc7f5fd695ab5ab543aec63240b8736", &(0x7f0000000080)=""/218, 0x1000, 0x0, 0x4f, 0xf8b, &(0x7f0000000200)="3d247518ba92e55d9c269078ab4945cb8191ca72ad604822f12fa4ce36af7279f8d502010b955069561dae46cd8413d42ce5faa698ada495d48ef9e4d18401e857cb93793d77f49bbfe9515ec32b6e", &(0x7f0000000740)="8a55ea5426b846b81e058ed04253a8bddcdf6a48ec4a431f51d2c2e7ae0333ec88eaa3098c0c7a99a9046b0c3eb857c7563d6d3b2ac3a8c8b7ca1920dd4cb7b98c534535f19234bacc0eded4532c3f8f808267351387ee4a5fc60e35af5ef53b0c53fea54ea1a8b10b5931a337deda7873355b6481bf34bcf7beef08ec1da0040a382cd027d9aaa061c475db4e3f9df217eece548d33dff673abfdb89c69bd9b39d7a3dfd37004e1c5e6255bcf2fcf268c5a4838d0853e2acefd63de4a0d7cd4221ef2b43eb60f39f6da8ab338c8a6434edfa3578c152abe48217939c0bea360f89aac3eb04eecf41dcf8e711d00911b5367126566b3195acd2d08bc4f2745157b98e18c287c6671b11bbf47e648594d5ea955b950529145b96be12a5c1064856ad4674ff9d02a531c8766da2ed5a7de835d0fa9528eee3cd91ee38381ecc6ae01c6d8422fd831ccad383e077688a03ded9458c96a532e0c8f91d19b49891eb29f87c93ea37c06ddafa060f667e40d2904c8caa49b72edcdde9fe137455b698531d44912db97d923f4a01e12cc6767323b13842431cdce2804e04bcef9e0f70dafb65ba755585fa1a353e3fedf6efcf6d3640a6383bd08f5d1d148e05cbd75fba99c60964a0ea27fd228e0075635e0f2f086ef3f7c34b47893ac86dfed242bca4ed515331c672a114ab61171d03d2ce0846eb366d195ab881aae4839bb63cb12ad1edabfc5aed50b8a72fb3f6cc2a03eea7d99ed2179e6bd8e5f628ccbfa1c8633594fee66f4e766d4b34fb3ae5df9bb50fe4da5c7ee6bea3d6de629059db14071af8fe394553c6cccfdca1ba5791fe48c4d2c6814181e7ca3d9bc21c801782b93d8e87f82b00c4c121d6113eff246fb9109d0b689e79c58b071880ffa9ad19513a7d256b0150c97d14aab1ff09d22c0c29f0f73d6846090ee0dc0fb5f8421f385814876b666879b37e3b59efa386f779016eb6e2e44a3bf67b189925cd4aa094ad20958042b6e134f03757fbe3736e8310500e2567fca993dc130cc25f739eb2a1d57171926d4163d0887d41f8b1743b81d2aa266fb5d9ebd486eadda8ed865b8274d86d7d677706f400917688b8a586cf556ab4504d9a408ed51454de896c25cdc32d8a431b2dc9819139a55713d6b65d7b1dc0390b330874ded107152bdf256fc3cfdf3b3e389bacbde032a96b905a88314f596aeb00a99d5b91a43ea8e9b7d6dd955e57a89cf986320a369224fd7d5e99138d114f6c6b8f447be245377b1cff959c987b43bb8e0174bb7e5a27954f3225125e59f51e5b5b5cd2d0bb74c23869be13f4b07500dc92c15378400c10f87de4bb2cae572162c087ffe2819eb0fff5a558feb35215260c8a8f07769fdaed21476a4cbf2f84db2303abbda27bc67bc7a18dc7a2fa3be395bd4fc348c2975feaf4288e4e74fd9f689d780b41699c6fa14c57ffbc59c01f1a1464d1cd785acc9c28bd044e0cc4842b72066d5dd8733f4cd8ca1b9e883accde9f4a87b2eda87494c1bae0c58aa46881ef900bf803c8c407b0acd432ea2fde698bebd4d9e33426009630e939f3cfe3802059967f5a867238243daa46cb93a7c951425dce3297918165afbcfcb38182ffaf0ec9d86a8823124d7f72db97aca7908a7f61c1e0ec7af1d9e21b8f39e7825c740515497e2ea038206e67a210b1ee280d072a72b9bd871b203f5576984f3e6864dde38fd2c55e7705dcd63d63184348e1c6ef06e147d18cf10de76878dd1c3e8d8a28a48ff1156a56b27bad789ca975e502b58fde87f06ccedee60dac091cbf9573480557faff74626f9ee6b8386bdac27d1b9248e29dde583f4c49e8504b27a33a321c6e0cf7fd31b90fcb2f31b4bb736df9d0bc6b839f5b0e2218381c06efdb51a9fb51905a5a06334d4e16ee84e0ff3188bd6c4f5aa6b1e70c8a0cd60455546994b2604eb6aad903ae40a0fac3e421a6e25f14e155d7a2e88de7e11c227cedb610d73a686564aeffe2c81a8d0324294455edbf10d59e201db88e0e9021766181948da1064c4ec1a92d49c7c594403ca6be80e9c8a6e18789d942a2ca5f39c9a145d36c619454b08e870e0391d560729b70088d4013f78a82fe1599dea787c4c41c26820e47672999793b2406ee80fa0bd44039df233a8ca50c60bbc3e80658c5ce2a4216e1ae70b39f6b0e78abee030db344265078d42f9f0de6182af8f3daa50eaa4338d8332746e29e5f0e5cc5b6aab0c1f75b3e4f678e682f5ffa64b867211075973823351d12a12c442bb1c43faeaa6c92b18b5e729471c24bb65712690a72f249dbe096fea193664a1bf018ca26370d0d3ceadf57ed41ab05351645fa8ef4cac2442e3e91ce771612bdeab1c76568fe8faf0d272f9fb57d7c830ef2b4353c69a68328963af440a2bdecf9bd62466b77c1c716e28faae31119ab55c499d31609175c00db1f21d094d65a93a07c277f787afdf30a047d7b4a8f9681746f3c73da90a05261770d5e85b2316f22072685fd030d0021593518a322a65352961f45426eda1753a8e4572d12a9fbe51d833877e7d92211edd62a27aa3ce100cbf69d860984d77eb0f5cc610e6b63dabab9bbfff214c5c9311ebf6b7b7b4cda5fdf5f30c30cc58501d32bd0bc097049bb2cb0eefd9794f213f3105d3560db574777b402678225edbe118b29faa781199f74accbd4d7aa48c63aeb8bb685439342fc42a51a052a1c9857b870ecb9e099b3e45fb12655e3793cc3d6bf22299db6036150ca9eda09035a7ceddc6bf1740e244ce2a8a8f129da7d477e5d78c2324e1706f8dbb67861eff62dfb841bdd9f776b7c322afa6d23a3b3ad09b1a108c771569d0eb9e0d062a1f9f73595c792caaac8b51a32eb664e727f2f9b6d15e3b7d0b39bb427035f5bc1da767ed078b6e6900944903f1b15cb9edd722709f761d3b596536694e98c2de29074d43db97fad63ac3bff1ad62d7c51f1af0b563fa5e338aed6d03dfe498bef52aa59d3625a0c46d6242f891fe647423a0e33e7a4a40fd90f89470305df4615a5a35e1ed5d14eee64facbea52d066458cbbf79354f3ab5bce9e2efff4bd1ac18fb8c94a9a035afa4df3ce3a00484481aaf077086b417257cac459f6e9498af08bede02adae3eddd64addde37c1a387ba7cc3f2982c303dd18a73f3c749998288c00adc87968db0c745e0406089157c9dd37d8f0b9321389f66037047f18abc5723ab32c7f9bba8ed6cf9b8e68edf78241bf64a218d6958ee0051ec0c603fc7976cfc2594a1f912a172f0375fe1a41db7cbd87988bce7b80732f5da78b1bf0eab0be170d548b125fdd15cbd192ec8632501bcf63d44af40c9020068fcb388ee36f5034cd97aed7ea5f24d3e34afe6ad5147b5d7c89c5bca2562b768e632739e026813b568190991d5c47f13edc37e123fbdfcb085bb6d21ae50280d56f2a4f274b492cf5fec8de66158a8e1114ba864be04f2444c5d6edbad99d348136d5cd4664c6d13311eb9b2d748bb3478e8e4b9ee3ac3b159bb64b254528b03575a207e68d22f639d113ec9341b57314142ed26e53779c544dcd0c2df8c6f31e0b32bde01185b8c5baa9cbc77e46116d5a5291d88948e9e5461d41cdf0279a3a6861f141ff2f9bc0a38cd4b9cbc2adc7b1ffde79c0e52d4b1b8c6da8211ffac9fe500a38096831a3661b45e70ca55a4814bebfa487ca7fc8062bfc78fcdbdfbca1f59e702995b187069ef5bcc1ba52f1f609bafe130acd5aa14f8f8b86135bd74296c0355b935bc6337065b5f6f65a81a42ec617525d8b22c865462f60b2dceabb0a1a81a8d01d8487f91a7e46d42d56f2eb8c40c646af6cabe1f17d3cf5b87c6a90a9e8f63a2296aec22dc3def92654677e18075498ae75d711b4aaa6cb8eb926d4a3e14241cb00e6eaa4a02001030315dbe784a284c64b3d7c7fab3170b567d13ef062272cb22657a8c75a21b6f103565fc458e0989e14072cf1969bd84d0ab6e5532dc67973b4d933eab67bce1b064490eda91e3e492e93a769fd610b0f22614a185a8a6ead96a3e688e2063516036b4629d77fd268fad589a53c5743a9c960b07431df4af6ef53b0aad348885a38aaa977d03f8e47da5d9c2dd5b1d07b2905f28321bde554077a327996aa899949f184624ce2e32bd794bf00d8d5549de59d950986d5795aefbddab513453c847fd7313c6aad6833e1df7bf5ba9e5d63e89f71defba10b14471b73dc50a200e9037ac575be5453a6ac5c5b7483ef4587898ba16e4e889fff3006603f00e2a7fa6ae117f89fc11d4a16c7c8f589a2b0e6722d64f322dddf8ab5140bd29525bf81ca22577ad0a14b71880d355390f7663837d923a6291fb1cbb00f925a66125f2fcb88f28446ca019f0f7b14693fdf2c0380b85c876acc04782a32704aaba2d42f234133b87bc216b2fb63a00471a90943213619363b6d289813949151238278a1042bf2990d7ac9303cfca58eab0ad2c2c29aabfb66ffcb5eeb573255f9a86fa83d18d46c4416db206f83e7ea9ab6955387a9fbcc6bb5148691f2da960d8e2facb2945d4991514531510bba53a1ef14e9366565b155f05eef4a80c538b764f15f69f24a6ff1f66e65c5869b0f5263fde82b9a4afac151a029ea2cb2116b7a49d72bb841c8c09c13c2b7954c9f9fc3cf92b5650ba9a16fee91d21fe2374c6dc007d96db9b5c9798d3c26a705791f9aee3bec5acc30711ac3e2105a2af9329a1dbaafb5f12b0ac1ce27a2c1c43d0121911846902ce3c688950285ea1fb49940d22f296c9fe139ef825fa596b21b8c1c584c00524195df98843d1aa42afa36389a0ca980fa6216c40b4caf308627fcfbcf7357f97f206f86fe8e0960d75bfa6915e91763784509a548e9e292c12fc704b7920987313ee6a2b471d4560cc9e0cfcc98beddc3d34c4e1e1f5c2ba816ed4137f90d73188f28ec48248511a68d9c3a494d93efed45e0e448294cd6ae9afa97e02a555c756c2dd75a65d0080021a9ec0d47d9b00c97dda48d77be992d9ae6c0183f64c0b1c89e39e6f370825a6fd4dc483f69f691764709a3c0714e159cd5a9c1b8a74b3ca566d49dc447aa73562b1073e1b6b1c08a94c4c1703e7bceaee88811973651143fb39ab10e2e0300c52fb92bfc095e98ccb4d3d2abda4eefa9674a27545c8e5fc2cf096a4763a17957413bae126e67dd12471b0a0c3a5007cbe19c70d1d5dd271381c89fbb5c419afc4a4c2b9b0c5a8db5fa61160df92dda072b167ca69163fae3011e1d732c62dd7cd2ab23dae34d3fad010d65bfd5746a8e62fa12fddec8140f4064e631a3fd7ccb9965e23c25000c2609e21c75212a9051886f0d1be83fdb5445bc4323807f3ca8436a401d4339c8c9830907c9f9b7e29ad84f3f94f1d58c684cf22b1f7a993f3b19166ccad3c20a5319e36b47ff2ad60c5ef9c58ea4dfa7f76695f8ee513686dd01d6f93baae1bb2eabc53a535ad2a9d5ca2908af8bf1ac81dc34eeabacf08d3a19325f3d4f8829d4dbc75d68937aa2a098ef4bd15105084a2c9375a4bbbc862c073751f0b21634294c4c4590ee692a88e23f779a7d3a984e3d1afd2a5665493a560f471087c70821e55fe0328d108e9c1ddb54622b393e444e8f73abf818d263480d4"}, 0x40) socket$kcm(0x2, 0x3, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2eb0, 0x74f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}, 0x0, 0x7}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) rt_sigprocmask(0x2, &(0x7f0000000340)={0x1}, &(0x7f0000000380), 0x8) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000700)={'team0\x00\x00\x00\x00\x00\x00\x00\xf7\x00', @broadcast}) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f00000002c0)={{0x1f, 0xd8}, {0x6, 0x8}, 0x56, 0x4, 0x7}) 04:51:15 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x4, 0x0) r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r2 = dup2(r1, r0) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:51:15 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500dc0000005f3f000000000000000000"], 0x38) 04:51:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2) r2 = syz_open_dev$vbi(0x0, 0x2, 0x2) socket$bt_hidp(0x1f, 0x3, 0x6) ppoll(&(0x7f0000000180)=[{r2, 0x18021}, {r1, 0x1085}], 0x2, 0x0, 0x0, 0x0) 04:51:15 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:15 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500dd0000005f3f000000000000000000"], 0x38) [ 751.218520] SELinux: ebitmap: truncated map [ 751.223153] SELinux: failed to load policy [ 751.269600] device team0 entered promiscuous mode 04:51:15 executing program 3: capset(&(0x7f0000000040)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, 0x289, 0x800}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f0000000080)={r8}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000240)={r8, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000180)={r9, @in={{0x2, 0x4e22, @local}}, 0x58, 0xfff, 0x20, 0x7fffffff}, &(0x7f0000000100)=0x98) 04:51:15 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000200)='T', 0x1, 0xfffffffffffffffe) [ 751.296353] device team_slave_0 entered promiscuous mode [ 751.343877] device team_slave_1 entered promiscuous mode 04:51:15 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:15 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000180)='./file0\x00', 0xc0b9, 0x7, &(0x7f0000000980)=[{&(0x7f0000000340)="aadbec7d48e12d8a18de060d1e09ace911abea", 0x13, 0x8}, {&(0x7f0000000640)="e4cdff8911e88624674450b462de5a42e8255b0d232c2e8bf57efbed4b20822b618c5f3737a992351fcf1d235889796cb250da7000ccaf64077459fbe9dcb31422c50724c9e9bd810ed908056328af1bf24eff4f226eb5e9b8856bba51a061e996594df19150d5c9f96de3a9933b93afd4f7e6b9d07f38281b6f42b81a4588babd35eb0c786778a89449c95faa2a56dfe12704f774c0ba0a9b9d9ee43544d8d66abbbce742a5226f7bdb979c2a6491a651f118793bb9767c406b7a3a35ec885cfb974a33336bbf7dd527d2981a9220d3eaf30a646ddfcc783481509e68d48f77b48f1032bb303b0ba496007040240370c73d9524e1f2e0", 0xf7, 0x7}, {&(0x7f0000000740)="cc4feb3a5948653b57a117fd81ae16d583803a7ed25191a6c8f427e371b319bc665caae4a51da94c701e092e40bd7505938293a3dcafab9f6494925866520e6a90805acbb0e58f8a20dcc92ec89851f0a44713dd5db549fbfa77f40fd040d651eb010121cb3792a52023a1e2b153c90aa873bf36e422e09f0b15493680a0b051b5fc7ee646f493dd90ac09f4d760954a971f7c1c2a3af3c8b116a1f313f11bc27b2fd250335da54c24c260f804528e2ad71baa7497fb75d402852562448a8a31fb2c9148d3306b3c160131649882741759447c154f2eab0610a333807db37a8bdb1bef17549e4ba7ed1778ac6e904ca84153bd9f94cea536373ce8772706", 0xfe}, {&(0x7f0000000840)="30185094a8cb8d222b81beb3625515e27d37b3f140b8592ed8698019b6dd4ecdaf040f2d430584ea612651417c5191d5e7d2b936dc173ec015d02c75a3b9f5b70dc2567a5011da3994dd2749968e78d45ccfa1350a1cd5f3ed3491e8891412666f9ecf2062bc45c4331e3094d4275c2fee64c03016a19dd0fd744b350a001e6e1ccb72d42be4665ad82a29bd674c595647c04342972162f0c13c495fbae58340f423b04abfefaaf8771acbdd6e7ed1a055cc5b35dd48ccb356", 0xb9}, {&(0x7f00000003c0)="294b4b9dfcf2090cd7c61ee0cf237801a4afa4653271731db3c8fdd1177a6822c89523afa5edfcdf28ddd06abc42f30ec95e06b188b41691a4d4257fac0f7a87d674c7a6b3188013516b815178113e09f5ea8fcdd51445c757170a1aaef99f4916e9f730c767", 0x66, 0xb38}, {&(0x7f0000000540)="8ed18862c556235235b5c8f60b62c391170dc4db7217ae003ad39d3de14e199800a2a8883bbe956992a97635d1e7c13a9826424d089e8409c2b812", 0x3b, 0x81}, {&(0x7f0000000900)="462ef8def0858d3fb8cc7ad93ad4df3945e25b460208cdc9addcce19bb300667834bb96843baaa1732fd3ee6d1e01f0bc6eafb42b2e1907297433989f01e283ecfc0eacfc806cc", 0x47, 0x9}], 0x0, &(0x7f0000000a40)={[{@nodots='nodots'}, {@fat=@check_normal='check=normal'}, {@fat=@sys_immutable='sys_immutable'}, {@dots='dots'}], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@smackfshat={'smackfshat', 0x3d, 'GPL'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@dont_hash='dont_hash'}]}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000ac0)={"eefbea59ff3c0d7551b31583c91280b96920ceab402921a675fdaa774dcb165c0b9e8266ade2c0e46e75310191fe3aacc73c6e714e97c449cdf41dfa9b6347e53e6bd346a5431afd86fee27be8000e33e66ffb77098595a03169c74f49ad52991e9eab61f3c3cd9b7f32e9944b73155de91627460bcb4bb465f9ed8966fba63677ee89dc6ef071d596680844aacacc308f1e2f3201ded08eb34c9271b1f67706f72b7378ac87be65ea907036801841bddf96908c513890075a0d8707eb3be1b9d730d39b6ba585feb2d7591080e58393f409ff5ddaf33bc0376cf32c031f7590f695c895a563f11275e6b99e82454d8d4bd4e5e6e268b80cb22cd8c3d873d1170a10fc5d1902d17399c7c6da072afb927808c6c7c87d0daecb1e0e4b6011df330f5c10e119b62287d0c148487440d52233d1bd6336d15ac2891e1a9633027257608f3a3f88c800e6116318cc9f8960260d1b3b3e03e83629c7e50493049d17a0d7bb947a2318ff1c76a6306d03622d66eb8920fcd90502d79069c1b66a5fb9ddb4012042f5046b94cb4ef01e50cd86977fe278dddf18d82310253a90a66f20ef83c5d4f7280c41941fcb59574d230d260632ff10b58dd5d8feea3319bebbd6d626724006c123205142f234ca55f3da65c39ae8e6be738ce9f6c83e1e58c7137c71e48e8c9c93c0b6997241d3654901d0d6f99d965f5340bf2c3116bf05059007f68e8f90fd1565f7f2830df8cf9e5dcc59bcf28cd0b1450bfd89e5ef19d6eae661410f93a759c616e1c70b8d231f0affb06ff873b4bd103cce9919a82fa7b37fde5c4cd8c2ec3cc7570a5e6c055a4b460a5fef578dbb6ea3fca1aa521d388a4e22f7743b7b115e88dddc68cea5855680c1a567d5a445bf751a211d7e3919be39056df0cddf99ea704dc26a53b5a40c801922726edab94d3988e8488b8298b2c40352291d21fa165f21f2a12391b5a2075f7f3ddd7cbdad73fde71ba305a0bd2cc5b193f3d48329550ae77f7f8cd319c0ec4eb84bd20dd8854a2f7c9ac5fb2a51544d7656d62f482352fe0de8e824f7a39ba116906b6d2273022ce4f2c9dd4ff9fc4972491d1db82a4f9c6797d746c2709e861ae1c98e1dbf057a8bf834b05835fd2d575d3155aff8e3579a66d49c6adef0619ee986e219fe82d4f30fac98af019478059dd7a5d0852387379bee7d35fe53c4422f407af8eef32fcd36dfd671555607bd095a5f2f076ac27cb17c19ca0257e8bf3db989bf29a6eb27c8df84b965ddd187808bc6cc8f36626991be0e3cf20ac2d0269f3a5b738f68599e5527fc6d0f5362fa37daa05e9da1b5e815e2bebfdf3e912d065723dd442685a5c0a85579c2f4f960f57cda23192e551e063306a8b5e5ad6cf8d65bbabfcc9deadf46b0cdc10c91ad503da1a3d43b4ecd684b93a934cc2b566eaf5258488c8fb35809147b"}) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) mount$9p_xen(&(0x7f0000000280)='allow_other', &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='9p\x00', 0x0, &(0x7f0000000600)={'trans=xen,', {[{@uname={'uname', 0x3d, '%'}}, {@version_L='version=9p2000.L'}], [{@subj_type={'subj_type', 0x3d, '\\'}}, {@audit='audit'}, {@obj_type={'obj_type'}}]}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, 0x0, &(0x7f0000000380)='fuse\x00', 0x10000, &(0x7f0000001600)=ANY=[@ANYBLOB="66643d7a3b4895eb6206450122fc791e7c4db1916d2d0f86b16b37ed242c37a7eebf59f02139061570180d75f5080200e0abe1be6bcce77e0491c2fa42b1a57651b8cd6917f300"/84, @ANYRESHEX, @ANYBLOB=',rootmode=0000000000', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,allow_other,max_read=0x0000000000000004,max_read=0x0000000000000001,allow_other,blksize=0x0000000000001600,blksize=0x0000000000000800,max_read=0x0200000000000000,blksize=0x00000000000014', @ANYRESDEC, @ANYBLOB=',obj_role=/dev/capi20\x00,dont_measure']) geteuid() mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='fuseblk\x00', 0x2020, &(0x7f0000000440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@blksize={'blksize'}}, {@blksize={'blksize', 0x3d, 0xa00}}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}}) mount(&(0x7f00000002c0)=@sr0='/dev/sr0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x20000, 0x0) mount$9p_unix(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000000c0), 0x23000, 0x0) 04:51:16 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000000d0607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7fff, 0x200000) bind$vsock_dgram(r1, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) [ 751.573510] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 751.681380] FAT-fs (loop5): Unrecognized mount option "mask=MAY_EXEC" or missing value [ 751.709157] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 751.730246] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 751.735703] CPU: 0 PID: 19711 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 751.744585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.753122] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 751.753939] Call Trace: [ 751.753962] dump_stack+0x172/0x1f0 [ 751.753983] dump_header+0x15e/0xa55 [ 751.754002] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 751.776355] ? ___ratelimit+0x60/0x595 04:51:16 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:16 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:16 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$TIOCSIG(r2, 0x40045436, 0x2b) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r3 = accept$alg(r0, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r4, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x300, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) sendmmsg$alg(r3, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x359, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, 0x0) [ 751.777818] 9pnet: Could not find request transport: xen [ 751.780251] ? do_raw_spin_unlock+0x57/0x270 [ 751.780273] oom_kill_process.cold+0x10/0x6ef [ 751.780292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.792944] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ramfs, type ramfs) errno=-22 [ 751.794625] ? task_will_free_mem+0x139/0x6e0 [ 751.794649] out_of_memory+0x936/0x12d0 [ 751.818609] ? lock_downgrade+0x810/0x810 [ 751.822751] ? oom_killer_disable+0x280/0x280 [ 751.827232] ? find_held_lock+0x35/0x130 [ 751.831289] mem_cgroup_out_of_memory+0x1d2/0x240 [ 751.836124] ? memcg_event_wake+0x230/0x230 [ 751.840786] ? do_raw_spin_unlock+0x57/0x270 [ 751.845284] ? _raw_spin_unlock+0x2d/0x50 [ 751.849441] try_charge+0xef7/0x1480 [ 751.853158] ? find_held_lock+0x35/0x130 [ 751.857213] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 751.862121] ? kasan_check_read+0x11/0x20 [ 751.866274] ? get_mem_cgroup_from_mm+0x156/0x320 [ 751.871108] mem_cgroup_try_charge+0x259/0x6b0 [ 751.875683] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 751.880624] wp_page_copy+0x430/0x16a0 [ 751.884523] ? pmd_pfn+0x1d0/0x1d0 [ 751.888056] ? kasan_check_read+0x11/0x20 [ 751.892272] ? do_raw_spin_unlock+0x57/0x270 [ 751.896687] do_wp_page+0x57d/0x10b0 [ 751.900387] ? lock_acquire+0x16f/0x3f0 [ 751.904392] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 751.909051] ? kasan_check_write+0x14/0x20 [ 751.913291] ? do_raw_spin_lock+0xc8/0x240 [ 751.917516] __handle_mm_fault+0x2305/0x3f80 [ 751.922869] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 751.927716] ? count_memcg_event_mm+0x2b1/0x4d0 [ 751.932377] handle_mm_fault+0x1b5/0x690 [ 751.936439] __do_page_fault+0x62a/0xe90 [ 751.940506] ? vmalloc_fault+0x740/0x740 [ 751.944556] ? trace_hardirqs_off_caller+0x65/0x220 [ 751.949566] ? trace_hardirqs_on_caller+0x6a/0x220 [ 751.954480] ? page_fault+0x8/0x30 [ 751.958181] do_page_fault+0x71/0x57d [ 751.961968] ? page_fault+0x8/0x30 [ 751.965502] page_fault+0x1e/0x30 [ 751.968957] RIP: 0033:0x40eba8 [ 751.972141] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 751.991121] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 751.996477] RAX: 0000000043fa5097 RBX: 000000000cea2413 RCX: 0000001b30a20000 [ 752.003753] RDX: 0000000000000000 RSI: 0000000000001097 RDI: ffffffff43fa5097 [ 752.011010] RBP: 0000000000000007 R08: 0000000043fa5097 R09: 0000000043fa509b [ 752.018264] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 04:51:16 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x8) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'ipvs\x00'}, &(0x7f00000000c0)=0xfe35) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000), 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/status\x00', 0x0, 0x0) ioctl$SIOCX25GSUBSCRIP(r1, 0x89e0, &(0x7f0000000140)={'gretap0\x00', 0x7, 0x40}) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000000)=""/59, &(0x7f0000000080)=0x3b) [ 752.026052] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000007 [ 752.034984] Task in /syz0 killed as a result of limit of /syz0 [ 752.042640] memory: usage 307200kB, limit 307200kB, failcnt 4167 [ 752.048933] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 752.095209] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 752.127732] Memory cgroup stats for /syz0: cache:0KB rss:232236KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:232244KB inactive_file:0KB active_file:4KB unevictable:0KB 04:51:16 executing program 5: write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0xfffffffffffffff5, 0x0, {0x100000000}}, 0x18) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) arch_prctl$ARCH_SET_GS(0x1001, 0x7fffffff) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="38000000b7d37d94", @ANYRES16=r3, @ANYBLOB="040026bd7000fcdbc12512000000180001000c00010069623a7330ec300008000300240d40000c0006000400020004000200d2f59294a2b0a88dce0732ad771d7867198471aa21f0b75e7f4b66a8db73f9948acd96c7e3ffa5030344a362ce2f2b0d4fd5b0b5ff5c2cef0c291f0c0fd0618f92746bdc7ccc435e344dd667a54ff5941ac6e1ff9c4b4580a0c00b2bb4a9ec890c3502990f674781ed99f26d6bf47e408ccb1c8849eb3c4314bfb41221b5ecaa4eb4c083b86d70842d8ac0003b4055665464"], 0x38}, 0x1, 0x0, 0x0, 0x4010044}, 0x4000000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c9, &(0x7f0000000100)) [ 752.247325] Memory cgroup out of memory: Kill process 11817 (syz-executor.0) score 1113 or sacrifice child 04:51:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) r3 = accept$alg(r2, 0x0, 0x0) r4 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x5, 0x400000) sendmsg$nl_route_sched(r4, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8500000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x48010}, 0x40028) dup3(r1, r3, 0x0) [ 752.327009] Killed process 11817 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 752.372510] oom_reaper: reaped process 11817 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 752.374135] SELinux: ebitmap: truncated map 04:51:16 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x4, 0x4658c1) r1 = dup2(r0, r0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1, 0x1, 0x100000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000080)={0x8, 0xfff, {0x53, 0x100, 0x988, {0x3, 0x9}, {0x89, 0x6}, @const={0xff, {0x0, 0xfffffffffffffce3, 0x3, 0xfff}}}, {0x53, 0x3ff, 0x0, {0x7, 0xffffffff7fffffff}, {0x2, 0xcdb}, @rumble={0x6, 0x9}}}) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:16 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500de0000005f3f000000000000000000"], 0x38) 04:51:16 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000240)={0x1}) write$P9_RREAD(r0, &(0x7f0000000140)={0xd7, 0x75, 0x2, {0xcc, "b4e0042999f9cb4fe132214ac1e2300cdce10a0dbe842a5a826d54b00a43aa0b1c8d19ab9761d6b33638a5135bd6a9622913c729eccdcd9688f6c5f9086771862d496cab8695d4935336e4a90dc3654d8998f58c06e49654056d061149430c3f2f0c301d1dc29a9855aa49f15404f0b20d3b65e8f61729deff4ae28b9690fc5695ccccd10e19b058fed44ed8e4f0096c30d25d91621641af1a684da09617b7a6a0974ea40ec96e83af75d5384e13066961143cba89702d68ec342f69edece75489e3b637eb6523208bf98ccc"}}, 0xd7) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000280)={0x1d7fb4ae, 0x5, 0x5}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x101001, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x4000000003e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgid() listen(0xffffffffffffffff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r3, 0x80044326, &(0x7f00000000c0)=0x1) ioctl$SIOCRSACCEPT(r1, 0x89e3) syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x0) write$P9_RATTACH(r1, &(0x7f0000000080)={0x14, 0x69, 0x1, {0xd14766b09bdd6d7d, 0x4, 0x8}}, 0x14) 04:51:16 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 752.503056] SELinux: failed to load policy 04:51:16 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000300)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000040)={0x2, 0x11ba6ba3, 0x3}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) r4 = socket$inet_udplite(0x2, 0x2, 0x88) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0xfffffffffffffecf) mkdir(0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000280), 0x4) fcntl$getflags(r5, 0x401) setgroups(0x0, &(0x7f0000000480)) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) ioctl$EVIOCGABS2F(r6, 0x8018456f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) getsockopt$inet6_int(r8, 0x29, 0x9, &(0x7f0000000080), &(0x7f00000000c0)=0x4) unshare(0x40000000) ioctl(r4, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x6b, 0x0, 0x3d7) dup3(0xffffffffffffffff, r0, 0x0) 04:51:16 executing program 1: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x5) r1 = socket$inet(0x10, 0x2, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x3f, 0x400) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, &(0x7f00000000c0)={0x14, "147a0fba26d1e8070d12062516e4ef7a7b900f3c7df0e22b91725fb9ce9d6d586f20670121e08f7422b4d317a7a347831b08fbc0ef182f33162e227ea2a3532b2efcc16c90ccadd519a5149a333b87b95f18e78d3467f5fc49883cc8f7e54930831eabe64436e5527c1be337f89aee90010ed5123d8a1c2463dbbae64be08065"}) sendfile(r1, r0, 0x0, 0x20002000004) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) write$P9_RWSTAT(r4, &(0x7f0000000000)={0x7, 0x7f, 0x2}, 0x7) 04:51:17 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000000)={0xfbf32755184492f9, r0}, &(0x7f0000000140)={0x0, 0x0, 0x1000000000000, 0x6, 0x0, 0x100}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) [ 752.730194] SELinux: ebitmap: truncated map 04:51:17 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500df0000005f3f000000000000000000"], 0x38) [ 752.759856] SELinux: failed to load policy 04:51:17 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:17 executing program 1: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000000)={0x1}) ioctl$KDGKBLED(r0, 0x40045109, &(0x7f00000000c0)) [ 752.835152] IPVS: ftp: loaded support on port[0] = 21 [ 752.913405] SELinux: ebitmap: truncated map 04:51:17 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e00000005f3f000000000000000000"], 0x38) [ 752.958198] SELinux: failed to load policy [ 753.090584] SELinux: ebitmap: truncated map 04:51:17 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e10000005f3f000000000000000000"], 0x38) 04:51:17 executing program 1: syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@session={'session'}}]}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f0000000240)=0xe8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r6, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r7, @ANYBLOB="2c747970653da0"]) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r8, @ANYBLOB="2c747970653da0"]) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = getgid() stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000400)={{}, {0x1, 0x3}, [{0x2, 0xb3d0b92bc246ca6b, r2}, {0x2, 0x1}, {0x2, 0x6, r4}, {0x2, 0x2, r6}, {}], {0x4, 0x3}, [{0x8, 0x0, r7}, {0x8, 0x2, r8}, {0x8, 0x4, r9}, {0x8, 0x4, r10}, {0x8, 0x1, 0xee00}, {0x8, 0x1, r11}, {0x8, 0x0, 0xee00}], {0x10, 0x3}, {0x20, 0x6}}, 0x84, 0x2) [ 753.140625] SELinux: failed to load policy 04:51:17 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 753.214992] hfs: invalid session number or type of track [ 753.238272] hfs: can't find a HFS filesystem on dev loop1 [ 753.288374] hfs: invalid session number or type of track [ 753.311040] hfs: can't find a HFS filesystem on dev loop1 [ 753.332237] SELinux: ebitmap: truncated map 04:51:17 executing program 5: r0 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r0, &(0x7f0000000240)="b156d417452c8f6d46", 0x9) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0xff8) lsetxattr$security_evm(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='security.evm\x00', 0x0, 0x0, 0x0) lsetxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', &(0x7f0000000080)=@md5={0x1, "8b3f7f15b52c456fc4c99cef35aa2a77"}, 0x11, 0x2) [ 753.374993] SELinux: failed to load policy 04:51:17 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e20000005f3f000000000000000000"], 0x38) [ 753.611493] SELinux: ebitmap: truncated map [ 753.624364] SELinux: failed to load policy 04:51:18 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0, 0x168}}], 0x1, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x202000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0) preadv(r0, &(0x7f00000017c0), 0x35a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002600)=ANY=[@ANYBLOB="b702000003400000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d6bb7030000000000006a0a00fe000000008500000026000000b70000000000000095000000000000006eace264330a0cbf6e08d472ca3cb9c3fe2e8a1dfd9dbcbb79d68e19c175b61a266a284a7fcd49ab4a305bbea8c1e07ccf518f886c53a1b9cc77998fd8125976bbf8bdfd00c68e87e2db2a037814122b5da1512081fd8357dc9876799b3bead00ed0e5f8554f9f5b34d3239dcd753aae6ef237b219488b43d269db"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r1, 0xc0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)={r2}, 0xc) socket(0x9, 0x80000, 0xfffffffffffffc13) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000400)={r2}, 0xc) dup(0xffffffffffffffff) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dspn(&(0x7f0000000080), 0x2, 0x2) ioctl$int_in(r7, 0x208008008010500c, 0x0) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r7, &(0x7f00000003c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d0001bbabb00b2e9", @ANYRES16=r8, @ANYBLOB="20002abd7000fedbdf250c00000060000200080002004e2400000800070057f90000080009000400000008000900bb000000080002004e22000008000b000200000014000100ff01000000000000000000000000000108000600010100000800070091ff00543792d68ef47ffe303b3da93d99d448b140558dc29ab97eeadb94b697fc8b458c1a36e37c56b02ae10935199e190d5addfa588037270dda84226cae43a552d3dd722bcaed2ed6bb10f89005ad6c0558e749fd9d0caf9c3188d792af45d97ca79ef5f70eb8d7f45510f6753579392ef9615af7283bb8e9de974b94e8ef"], 0x3}, 0x1, 0x0, 0x0, 0x200000c1}, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4001521}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="07000000f4cffdf54f1e7b18c314faacf6a19d05afe89752a85e88f09c742eba1bab41500ecb08c558582280fc4c3ff14b4a2c423d399c97e245e42162bf5e557e7f424ad1a658008d40730ae7ec1262c37287588fcd34c3b1da777b92023ecf016551db0e6a4b28d23bc94f4acf01345bef10871abbb83ef7e0a7ca4b4ec181f217b848e690d1729c2039a7e9", @ANYRES16=r8, @ANYBLOB="000125bd7000fcdbdf2510000000400003000800080003000000080004007100000014000600fe8000000000000000000000000000aa080007004e2200000800050000000000080007004e22000008000600060000005c000100080006006e71000008000b007369700014000300ffffffff000000000000000000000000080004004e210000080001000a00000014000300c7cff2035434bbf5252d68d2055515a908000500010000000800010002000000080005005dcc00000800040000000000"], 0xc8}, 0x1, 0x0, 0x0, 0x8110}, 0x80) 04:51:18 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 753.717625] IPVS: ftp: loaded support on port[0] = 21 [ 754.387188] net_ratelimit: 13 callbacks suppressed [ 754.387194] protocol 88fb is buggy, dev hsr_slave_0 [ 754.397266] protocol 88fb is buggy, dev hsr_slave_1 [ 754.402345] protocol 88fb is buggy, dev hsr_slave_0 [ 754.407445] protocol 88fb is buggy, dev hsr_slave_1 [ 755.027172] protocol 88fb is buggy, dev hsr_slave_0 [ 755.027200] protocol 88fb is buggy, dev hsr_slave_0 [ 755.032296] protocol 88fb is buggy, dev hsr_slave_1 [ 755.037334] protocol 88fb is buggy, dev hsr_slave_1 04:51:20 executing program 4: r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0x400) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000040)=0x1) ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000180)={'ip6gre0\x00\xeej\x01\x0f\'@\x00', @ifru_flags}) 04:51:20 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x9890, 0x2, 0x4}) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x9890, 0x2, 0x4}) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000000)=0x4) 04:51:20 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e30000005f3f000000000000000000"], 0x38) 04:51:20 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:20 executing program 3: r0 = getpgrp(0x0) capset(&(0x7f0000000000)={0x24020019980330, r0}, &(0x7f0000000140)={0x0, 0x0, 0x7}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) read$rfkill(r2, &(0x7f0000000040), 0x8) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x100000000, 0x408000) ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, &(0x7f00000000c0)=0x4) r5 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) 04:51:20 executing program 1: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f0000000040)) r1 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/context\x00', 0x2, 0x0) vmsplice(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="7ccb35b6c6dc05e53439bcfd8e78062c8d61337c34e94451f9a0cd2fdef5e0bad39ecde166f009d0cbd2f17f79cbf3ef006de5dd51b4f2b8c8b7bc860d5885ee10e8c3dcdc18afd8f0eb87c50c8ed3a3a520f041e0539be7e33394e4afef3968156f3433d4c3685a3352a87bad397fb083", 0x71}], 0x1, 0x18) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x800, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000340)={0x0, 0x1, &(0x7f00000001c0)=""/237, &(0x7f00000002c0), &(0x7f0000000300)=""/58, 0x2000}) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000380)={0xd, 0x6f, {0x53, 0x0, 0x1, {0x4, 0x1f}, {0x9, 0x6}, @const={0x4, {0x5, 0x101, 0x0, 0xff}}}, {0x57, 0xffffffffffffffff, 0x84, {0xd32, 0x10001}, {0x1, 0x8}, @ramp={0x2, 0x5, {0x7, 0x7, 0x6, 0x6}}}}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0xffffffffffffffff, r0, 0x0, 0x9, &(0x7f0000000400)='/dev/vcs\x00', 0xffffffffffffffff}, 0x30) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x5, &(0x7f0000000480)=""/203) r4 = creat(&(0x7f0000000580)='./file0\x00', 0x38) connect$ax25(r4, &(0x7f00000005c0)={{0x3, @null, 0x1}, [@default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r5 = syz_open_dev$swradio(&(0x7f0000000640)='/dev/swradio#\x00', 0x1, 0x2) ioctl$PERF_EVENT_IOC_ID(r5, 0x80082407, &(0x7f0000000680)) r6 = semget(0x3, 0x2, 0x88) semctl$GETPID(r6, 0x0, 0xb, &(0x7f00000006c0)=""/40) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vcs\x00', 0x428440, 0x0) ioctl$TIOCSRS485(r7, 0x542f, &(0x7f0000000740)={0x2, 0x7, 0x3f}) r8 = add_key(&(0x7f0000000880)='cifs.idmap\x00', &(0x7f00000008c0)={'syz', 0x0}, &(0x7f0000000900)="299dbfaba0598d455738b80efc08c2f5a512f19ca5f95f1ec2cc0fbc7a3993a16a41c44647977e8793a7027fddb679579b060ee227cb8c9fe42e8fa73f66279b97ccd55bcf187df70efc473c003942f99c720c667abdb5a52ee9dcc21108aac8a768f41fce58b3931a685939b2ceed901e3e2d197b44b22e3302cf9d76187499c31287016e3abc9309d524ef0c0652ac54caafb7f905886ad258a00a67886d8cf397ccf0d25445811a03b7c66caa42690ef92f3c7763981202dee1447fbdb12e55aa68a8a1367f1feaa12e4810fe8f", 0xcf, 0x0) add_key(&(0x7f0000000780)='dns_resolver\x00', &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000800)="b3a4d1a252d9ff57b607156cb5a6f983bd7bb4bd8069c0eef37ce1ccb5a2388a279a73a5a74a9c905183be34bac013bdae5bd5a5551b46b1ca7e3ade02ce9e8f12ccabdbb413aa8b32e49052229a8ac44136", 0x52, r8) r9 = syz_open_dev$usbmon(&(0x7f0000000a00)='/dev/usbmon#\x00', 0x2, 0x40000) write$P9_RRENAME(r9, &(0x7f0000000a40)={0x7, 0x15, 0x2}, 0x7) r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/zero\x00', 0x20000, 0x0) ioctl$PPPIOCSDEBUG(r10, 0x40047440, &(0x7f0000000ac0)=0x1000) accept$inet6(0xffffffffffffffff, &(0x7f0000000b00)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000b40)=0x1c) pipe2(&(0x7f0000000b80)={0xffffffffffffffff}, 0x80000) write$P9_RREADDIR(r11, &(0x7f0000000bc0)={0x87, 0x29, 0x2, {0x0, [{{0x94, 0x3, 0x4}, 0x7, 0x6, 0x7, './file0'}, {{0x10, 0x3, 0x7}, 0x20, 0x5, 0x7, './file0'}, {{0x80, 0x2, 0x7}, 0x4, 0x3, 0x7, './file0'}, {{0x4, 0x1, 0x5}, 0x0, 0xfffffffffffffffd, 0x7, './file0'}]}}, 0x87) r12 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/snapshot\x00', 0x20, 0x0) ioctl$VHOST_GET_VRING_BASE(r12, 0xc008af12, &(0x7f0000000cc0)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000d00)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r7, &(0x7f0000000d80)={0x7, 0x8, 0xfa00, {r13}}, 0x10) 04:51:20 executing program 4: syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="800000003804000019000300e60100006c000000000000000100000001000000000b000000400000aeb3147e09afe855705ebe5a0000ffff53ef115891e46267d23b0d503aff65b75991aca2121db4f7d808c926fda290e30f091dd150e33e64e1", 0x61, 0x400}], 0x0, 0x0) 04:51:20 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) ioctl$RNDGETENTCNT(r0, 0x80044d00, &(0x7f0000000040)) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000002c0)={0x7, 0x3, 0x2, 0x3fc, 0x1, [{0x8, 0xfff, 0xfffffffeffffffff, 0x0, 0x0, 0x800}]}) syz_open_dev$sndmidi(&(0x7f0000000280)='/dev/snd/m\x00', 0x2, 0xc00) r2 = dup2(r1, r1) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000001c0)={0x2f, 0x4, 0x0, {0x0, 0x101, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x404000, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000340)={0x3, &(0x7f0000000200)=[{}, {}, {}]}) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) sendfile(r4, r5, &(0x7f0000000180), 0x1) fremovexattr(r3, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00']) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r6 = syz_open_dev$mouse(&(0x7f00000003c0)='/dev/input/mouse#\x00', 0x100000000, 0x200002) ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000400)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={'rose', 0x0}, 0x7, [@bcast, @null, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null]}) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, &(0x7f0000000240)={0x6550000000000, 0x1ff, 0x3, 0x400, 0x8000, 0x800}) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000140)=[@window={0x3, 0x0, 0x200}, @mss={0x2, 0x5}, @mss={0x2, 0x3}, @sack_perm, @timestamp], 0x5) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) [ 755.873616] SELinux: ebitmap: truncated map [ 755.878960] SELinux: failed to load policy 04:51:20 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e40000005f3f000000000000000000"], 0x38) 04:51:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000007000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") write$P9_RVERSION(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="743a90c737fecac5cff9fa4f21f6ba36caa8d5351ff42ad6136925912a9050f0408348a404ee63132659731d3bbd9f3f7258a646f11f366c000e9e3bb5cdc4cb2e6528029dfc72f1654ee204b52d996aa9ce0418dfb3057d6161730db7e7e3934697b6eab1a1c02b8a037ba7f5c59ae3"], 0x1) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCDELRT(r2, 0x890c, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @remote}, {0x2, 0x4e22, @remote}, {0x2, 0x4e21, @broadcast}, 0xf5, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)='ip6_vti0\x00', 0xffffffffffffdc33, 0xff, 0x2}) ioctl(r0, 0x1000008912, &(0x7f0000000080)="08dca50d5e0bcfe47bf070") r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r7, 0x54a1) r8 = socket(0x400000000000010, 0x802, 0x0) write(r8, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x2, &(0x7f0000000280)={0x8, {{0x2, 0x0, @remote}}}, 0x90) 04:51:20 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 756.119938] SELinux: ebitmap: truncated map [ 756.124537] SELinux: failed to load policy 04:51:20 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='rpc_pipefs\x00', 0x80000, 0x0) 04:51:20 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x88) r1 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x2, 0x2) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f00000000c0)=0x3) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x10000000005e20, 0x0, @mcast2, 0x5}, 0x1c) r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x4, 0xc000) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) accept4$tipc(r2, 0x0, &(0x7f0000000080)=0xdcc695e64214a838, 0x80800) 04:51:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x2000000000000212, &(0x7f0000000080)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x5}, 0x10}, 0xfffffffffffffe8b) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x80000000, 0x200) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000080)) 04:51:20 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e50000005f3f000000000000000000"], 0x38) 04:51:20 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 756.467181] protocol 88fb is buggy, dev hsr_slave_0 [ 756.472345] protocol 88fb is buggy, dev hsr_slave_1 04:51:21 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) fstat(r1, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x100000000, 0x5, &(0x7f0000001380)=[{&(0x7f0000000180)="934acba7bf87d5e07dd865b7e5294b926812651391d5dd25fd7dabd6801ea95a24694119a56e032827a4a1368e867322b29ab95f68a78ccdc9ba4e98a44496a76df6b1f86e14e0c68ebd9d47ccb3989be96586659a1b50f7b0b58c3045a648c80e6f1e0bb568cd4e097d7ef65edb5e621460f8bd370b9dd2de759a09de4051c1f1fc8182139b6fb48b1f08d985d7de18050349d1e7bec093bc501866f948da6565ed5b3cb8b1802c9fc1be77b1023d0b93eaf94bd81d4639f365b5a51aebd85c07219ee7ec724422a361a6ed3c", 0xcd, 0xffff}, {&(0x7f0000000280)="c66e74c4e8be8f86b3b3cd89ccf5630d4b9063d01991a434a892ac2f242bf7bd2151cd7065ac794a4c57e47fb0a3e52406afb967bcc1028dc40c0f9f38f33b496fd6941860095e35c89454d40d1ccba36d5e9b8584449f3733c4dce83389b3a43418a4bcd86d2cf32776b6c3692dc881dd3c8ad9ce6ce7401fcda308632fc821d5bd3336daededcfeb23bb0c810f001bdd3e3791c1aef85a3e2ed90b7a85c859c1567d4f271541e176190298200c2b0f1643d65221420bdcec4bc6febdc19f58f7bc8b9c212b3811925f280f1b02129c0db6aa98534cb16e95b21c9104bc515e712b44e53a7f89eff7c0a60095b71fb28ce0180c478f7feb9569cef6a52636a028e86c6468727a5d9efc2f1774cbf3330446abdbc830c070fb884596b6b6cfc22f521a2614274fb84d3623f5f7d5166929629f27e64dd6e2c3894ffabc157cb6f068e26eebad6caff5c5d66c1094679c108592438698b67c1d1326c08aca485f66297965e1db76a7b4f96b1e9a9788ac99ca5be8040ad1ec0707b75e9909830ed3484fe27515af930eb2176eaf22b69d02529599edbf1738615336211f13e4de41dabce26841cca2b463981b241ff4cc82e8fb1f86b59bb50329b3bcf789b3b7dde0fd24ebc586a2835a4178f72cd6801e867a28e3edded0ad7bc5af75b51d6393be6b37c898f2fa36a4213b9cb9241ead7aa9c3db985be8520c209ebdccc2bd846a56b31526cfd0ac86654f79b8c1a655b307743dee4a5876a40078e95c89b4c6c196c442c1789ad66176a0d26f674feece14d99ec6298cc3e0211c41d0f35da31dc754cd0038ae3fcaaaeee2a988c0d994ca895b289ce2ac111705926a972d0a85497b02151e692feb9df3b6edd794f0cafa92f6860f1e3a61288f499154aafd673ac0957e551d43eb8767017f2e89be8cb00ba478a2739f1d524f61eb6c2673966bf5a34cf4e0cdb628433debb6523cdd5f402608790066914bcba4d8c429e426a4d48cb2a8c32cbaec1de9bf0a91f467bacc90d206a66f2763a4a7bf4eab3d52bc5416d1bdcaf4698746be76d1faa2cb4f2de5c1f3312810af9cc16513e5752acad0d81d79d10154a440aae9dcd8015abd77f52102bc1c738523101811b862e05029a07600dcb89eb41b7afbf8976a7059ea11f4300e4df2f27a5c24ced87a33b34e5827b5214d6ae1b6d461827f3dbc2a0fe44cebce180ec150141949b0a845f833fbd6863adfdb298cd1869e9b74b66112abc3861af2748154a985af06e70bf00fba463f5d555d56206460fb7e0c9c8e210d6b6118a793e6447d7d351ef2a0fa9bb910289739768a62e4c8877dab06daf28e59c812f3f476b20d864a1d7cb542411c9db02ef9d1afe5622c845ef43f0fa9de5d9eb0cbe41885276cceddd9434a2fe23f651459879513c75e5d51fed2ebaa142e0a1e1e2a8aa75aa35512d45eadb86fb263a794c02bd4bcb53195ce7149508674d37dfab5109bc95ea0b9b8ff7ea83d7cc486165eec7c50e7982f3edd0834167f47ae587d4d2ad1985f8c55d6a8228204ee67b36e2e8f3481437b5323f68ee6b30f082d6d089f83971f07ea946f3f35b31d98547e5d3a09d6bf9e64afba3621452ffcdfdf5412e85b3a645d0a7aa3d4245e5c7b681554c311d49ed4fbe48ed5e4d3033d767a97f157bd9f9bd4f15b21461aa0e35181c8ed053e0fb3bc2956c456f3d4a9507b1dcd7bf69102f581dd07acc3f7fe90e72ca0e51a3ae7774839c72cbcea8f2261f877b7d782c52e00a527337be29b524c1a0455f68c69894feea885b30532abd7f6fe3484d1e76ac88ef7090ed7d4466ec79210f591f0349fd4c0e8b3c938e08cd0ac81df16bc7345d5022f37ff37e6d2fa5bd4ef942172cb0f7b432234ad7a03943c9f93d682fb321f06d4493b17dfc40ba1a2920157a5038ee375351677620beff44767b9a61ef4ceab5f85105dd1aeb3885f6f2062a70c646137703a0cdaa26e531a8f227eb5d85aac2221e79a93facf0ee1f2a5d5b6f58b970432ab4f6de2717891ea4fd288493db58b05206d1f2d4ff873d7fa5bc5e3d5a80d1433aea4a296e136b6e655abef252c4a90d2afd2dc4da46b176a4864082da08dc6b56c7fe591b24feb0146d786037f06891148e543c5587336e31f544f0e10884b23758296c9983a73e82d642509fed01dec7cbd0ebbbf85b130d7c25c56e8c01c01cc4bf97c4edd2e72473275bb727016ac9be8c6eefc31dfd356cb1c2433a1df03e3506cf96729b1c8d76ba2ae4fe0587bbb438dcbf299f091a86da6464d10f26766a1871eaff6b56760055d7240461dcad7a337c8a425dd352aef6e7a437edd80c66e6d77122819281fe04f4ae126be8798f856f255ec4aceff87e9efd9f3d07964e8bdcb676d6d487b7ed8778f866be51a7dfd17f3bc0d3e72c81730f0c493338d76beb1e6177bc18fca051889c6a669b10cdeab6da1d41a9610e1116a5b466fb104e5c5a8ded07475c208dc51ffea411e81d4a8a386eec0fd2a655ce75309c788c37d341d1512d2b710b071552b292f74f74a84cfd64a26a456bae95ff2a4c63cf8dadc36b517b42558a06402abb71a92b3789961691815e9906c3de82e5ba6cefce03da6d4b3a50256704458af837b562f6b714e5db51b52275a4b3302e68a27923a8bff776ad8fc71fc9e505be8c7aed5691a2fa488a59bffd91e5bf41056aa6373e349843b99a970c571a97b7e15679868c84c01bd3a9bebf0ca8d035a6c019b8d9391e8c2ccca31a6f0c3232fe75929f35f6ef96fc5ed7f0cbcedc59ce348256cf15e5b75b35c6797c29076d5f0053c2946105638dd689c2f6750f900b243537a31c5fcc352cf6f6a8e338c43e103acd3f4a69b83a62b6a4ea0e184aa39af00f34d3a8dd5c04846671be7ed7377e6b61276a8f4106d989ae6587f695ed7d3168e2cba85bca0d2947be734efc4549919457e474e1f5f182d8541f1c961249a78452ae94d6a5eed7093ec447140a38b11c239b1dcb7d2f9526581cca4d2f9fdecf903abc245e2807730591b50ef6248364ef911b1a7429a58c7e55e6c5db412a852b8f75d17d0d811bb4b8e72a0ac3e7052701429589165c594f912887e6265d392cff1feca95a63e993fabe57f16af8e667f2d817a6a3a7078f300b68b9689e147a2552361cfca4af14d020b8f748780ed11173c919fa3cbe1da416df69c5e72b33b6f297e57beb8e6108e0e8198ab9a46d01e0fcac2d9b95e44820306a7c9c1783a6114e3ff2404e1de264c69c5b6ac18e60948cc4889607758df7b2001eda567f88e23b5a0389eb3701f26d310e4b2c2fbcd8ea052b0b4a5e6437a5f76587edeed5d18c29522210ad740db0a7fa56e21e8b0d80d688853cc7b3f4e39c8670946df4fc3ae6fe3aac3baadf5d347f14871c9daf6e9e9393a618f4bc0162c5a231285af2965cd9a3abcca901687f0688b41b42110730160444fa37ae9186fa91faef844c8ce5ae8d609eca89604d491d044e12ca7191cbc0089cc419270a7a8e91966f7985a77db370fc84ee87d3a6bf3fb7647dec9fdcea4694d41136239d8fb63379553d53a10693c8b56c0825d34c73a003d2d641a43ae837414e87b8234382dd8b9e0dc95f47fa92268b1eb60d0bd20e734d1d9d07e30c0cfa3c330b2eb229e77417ffc28af202307ceb56c263d17eb774ec6001e3c670503691fd816645fe487f890e170c21b42d973865b63232c738588e1beeeff70c1eb5beb15ba8098bc5b76869856aff06eb468b3c5207e797feed45f314609c90243240bcda65e7f742b4f9796bb7db522957f0f15b045a0a259d3cf887efb207cae94f23a2168aeb52b018b6e6071f4309315ba8da4816b585fd5fc9ac8ac4e58d6907b9001c18bd4f0a3718a9a94ec59a51d31f4b9ddf7e32b179edaf4cfa31c6d35ac9d90e2beabf3d45faea10e8af0f7bfe2bfa1a92a6b7860ede53b00a4624f14d422e831c7972cfe07c20a58dced2e5993fe2a109bb85a5a344a17056c73aad8f34775411860760b96a0a31b707dc2db3337b732d833b5b3d21e9ff391fb6474c551cb98f1535ba1cd1dbed723779312ebb884b0ab2f0297c353bb292060c4dc792e25249c67d4996ce0e2f2e14fe738c5b0cb66987ec5a442ce22b626484e2f89b4b2c5e5720d118aff69e4bd392269f71cb159207a42baefea466f239b650fde866e2f248dff729664aba005f7bc8a9f71df90899666030ff4f7b33d6f70e14f83f4adc74ba823836b7d72700905cc64c2814a3254aee68d5bc4d5f57ca466345d4fdcef7c93547d6b752f8c6ead83bc9c061b2472cc0347600ee65e2d6ae1d75168c15723b0402f48ce1209910be518a8b4b876a9c3d418237f0ae2a92fc0ca3ba7142a02b0f3b4ab264e1534c293562eb3683c8fa854d4936f4884bdbed53e6d0fb29610c908890c2f09301c5125f7238692d3f1908806e7606d5a978c7c8d6dedbdde83e9e27358473bd343c875c8dafee245839ba6733c5f13b2b1f3ab69779bee040fc045a06b7e43d92d17039caff1c9b15dc0d312a93cd1eac0a341420e80103da873d39c5fac62b2fc0eeb6b41a99aa2a916e03084641c61f153a79f59f1774ce50ded9c66a3e822f1d723a66f016e2cb5200754c9754775b42e109a0a2101be5ea3467d49d979f78afbb47be4a2ef7e494f62ddfc6696ab3a029fbddd05b4d14f735871a7d20217f143256f7cd2d41ab7f8acdbf8f41c6ae02287761a6a3f8d674d355fb2b76c6487c660b584189ef8551a4ecda97bca6b82696e30e71071142f63070275a2f9387c7da095df173a1e0f71b7eec40cd46b7f312647df544e2900ef974b10403d5a89f1207bb87e897639de1e2d8b5db3ae7d1cbcbd3d1b1743bb8e31471758cf90758c26e221aa7422bac29264405f0f3e3ea2dc556748e31c0dff8ef1d1805f497ed28efac7be2b403f3f36265789cdc276d9881991664601774382c11376456b492918586bc08af612894fbcbe1dc930702160d75835e7e03ac7aa07beae3281971d262d4b63417b01189330c3b8fd145c9ada3be913c77d7ebbe6c7889c6c8e68c5a1119d6d8e4b3853834c695b0f7287d292a863299a20c2da7b17596b65266fac864af8649c943c4dda912387ade809edfabe0560071a8baa98ba42d907381906260b370234e3e133aa68115b0027a25d55f2fda06e5ece50a1ffbcd6166577654acffc98cbf7edd407bbca1b22e68a4abb5b22cda98b262c93c954d973e8711073ea70a658a6eb1063c5b65fdc8d4f4bca94f2d34185ebc34b9f93498f2c906499ffdcfa1bd4ac950575523edbf6d5fa60fce7849caf2a22b38e6e935c108aeca1621874abc99d1db6bf202729f65ff49290f359c49ab6572abb3a01f6f74774bd10c922e745a10dd953448f98f225d96034ad5ca1e9efd4b4f3dc266af92348061be584b671945eec6a2ba5fe5de11065fa0315ba735826efe9f0517d0149ab7901a9d2565040c92f458da1e119548046916bf923fa3882ca236b9c7e37e3be69de60f4de506aee879421d884423ab8c30310ebd4845739a5513a1473f16ac7ccd1c5d2ba26567b2b99f4d940f788ffdb64393b2532442334ba73367faaaceb003f73c1c5ffa575f93c441e44f552df415afae2bb8809f312d867b097580af0e0aaab2df250f6a3b110ac67b50e5eb7ab78542a241cc444e116b68f9964e8f575187a70fad68e484f3eec2142da2d46a9df7e30b76758cf64ce17f0b89e8386d7b33a687b7f5c49bb6a1a4a40359924ca2558ad3ef4452fffaad3a3", 0x1000, 0x8}, {&(0x7f0000001280)="d99de02925fb0c7da9e8e1d2ac6297822b862db4171f00e171114786f968d0ba8e0bccfda7e2ad06b982ed23aa83d13791b29117ead1edf4bf2278367aad92f5ad752413cbb28edc68b1dbd2bdf953f228725c0c50b610318d66ed08dbca61719e360dd7da860ead4a86fac4fd6f30fb5ff27d00d293850559ffb0a40f49d3c9d6cf627f1eb45741201e8898a7a905a07adc51a93d2f3c154c565dfb78ea785d2fc59cbcb35b243467d83ab660e3dd4b1a8bc1a097a26ee7c3cd2c73a886a7101f2211f1ccffac32d87623afa35098e523fb21022111a3185f0ab3eaa0301a86d7d6a277bb941b2df47d07ea4d1ac9877bed67", 0xf3, 0x3}, {&(0x7f00000000c0)="d1993324a61f7381eb8a4ba551e8ae9aad1025b0bbab9089c703dcb369a0daba72cd740f7a0b2df4244b6bd640270b67703b19895c297f28c22327631caffdb1ca62e1ba4cf41ed7539ff13d157d8cb2475296af5bef969664f9c8bf8fb54761d524d8d9ded8a99906bbf8bbe2b52fea47fd6dd6ce762b", 0x77, 0x100000001}, {0xfffffffffffffffe, 0x0, 0x2}], 0x800000, &(0x7f0000001640)=ANY=[@ANYBLOB='grpquota,nodiscard,quota,iocharset=cp866,discard=0xffffffffffffff3d,gid=', @ANYRESHEX=r2, @ANYBLOB=',smacTfsroot=/dev/dri/card#\x00,euid<', @ANYRESDEC=r3, @ANYBLOB="2c6d61736b3d5e4d41595f5241442c736d61636b6673726f6f743d2c66736e616d653d2f648673e2b18265692f6361726423002c736d61636b6673666c6f6f723d972c000000000000"]) 04:51:21 executing program 5: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000180)={0x3, @vbi={0x4, 0x8, 0x100000001, 0xdc4eeae1, [0xffffffffffffffc1, 0x101], [0xfff, 0xfffffffffffffffe], 0x13a}}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000280)={0xc, @sliced={0x2, [0x97ed, 0x3, 0x9, 0x5, 0x1, 0x1, 0x0, 0x4, 0x1, 0x209, 0x8, 0x7f, 0x5, 0x7e, 0x0, 0x7, 0x2, 0x101, 0x67, 0x1, 0x1ff, 0x10000, 0x1, 0x0, 0x0, 0x100000001, 0x4, 0x3, 0x1f, 0xc3, 0x6, 0x3ff, 0xff, 0xbbf2, 0x0, 0x8, 0x3, 0x0, 0xfffffffffffffffb, 0x3, 0x7, 0x4b01b80, 0x2, 0xa9, 0x9, 0x1ff, 0x8, 0x8], 0x9}}) 04:51:21 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000340)={0x3}, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) [ 756.618451] SELinux: ebitmap: truncated map [ 756.623055] SELinux: failed to load policy [ 756.651400] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 04:51:21 executing program 1: r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000640)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f00000003c0)={{0x100}, 'port1\x00', 0x20, 0x160000, 0x0, 0x40, 0x5, 0x6, 0x8, 0x0, 0x1, 0xad}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r6, 0x891c, &(0x7f00000001c0)={'team_slave_1\x00', {0x2, 0x4e22, @multicast1}}) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x44, r7, 0x8, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, [], 0x28}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x10000841) [ 756.749127] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 756.811539] CPU: 1 PID: 19903 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 756.818522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 756.827910] Call Trace: [ 756.830947] dump_stack+0x172/0x1f0 [ 756.834594] dump_header+0x15e/0xa55 [ 756.838328] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 756.843449] ? ___ratelimit+0x60/0x595 [ 756.847347] ? do_raw_spin_unlock+0x57/0x270 [ 756.851769] oom_kill_process.cold+0x10/0x6ef [ 756.856281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.861847] ? task_will_free_mem+0x139/0x6e0 [ 756.866383] ? find_held_lock+0x35/0x130 [ 756.870460] out_of_memory+0x936/0x12d0 [ 756.875412] ? lock_downgrade+0x810/0x810 [ 756.879573] ? oom_killer_disable+0x280/0x280 [ 756.884076] ? find_held_lock+0x35/0x130 [ 756.884108] mem_cgroup_out_of_memory+0x1d2/0x240 [ 756.884125] ? memcg_event_wake+0x230/0x230 [ 756.897351] ? do_raw_spin_unlock+0x57/0x270 [ 756.901768] ? _raw_spin_unlock+0x2d/0x50 [ 756.905931] try_charge+0xef7/0x1480 [ 756.909655] ? find_held_lock+0x35/0x130 [ 756.913997] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 756.919809] ? get_mem_cgroup_from_mm+0x139/0x320 [ 756.924661] ? find_held_lock+0x35/0x130 [ 756.928735] ? get_mem_cgroup_from_mm+0x139/0x320 [ 756.933593] memcg_kmem_charge_memcg+0x7c/0x130 [ 756.938289] ? memcg_kmem_put_cache+0xb0/0xb0 [ 756.942793] ? get_mem_cgroup_from_mm+0x156/0x320 [ 756.947643] memcg_kmem_charge+0x136/0x370 [ 756.953016] __alloc_pages_nodemask+0x3c3/0x750 [ 756.957694] ? __alloc_pages_slowpath+0x2870/0x2870 [ 756.962721] ? lockdep_hardirqs_on+0x415/0x5d0 [ 756.967320] ? trace_hardirqs_on+0x67/0x220 [ 756.971670] ? kasan_check_read+0x11/0x20 [ 756.975825] copy_process.part.0+0x3e0/0x7a30 [ 756.980329] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 756.985445] ? delayacct_end+0x5c/0x100 [ 756.990996] ? __delayacct_freepages_end+0xe0/0x140 [ 756.996023] ? __lock_acquire+0x6ee/0x49c0 [ 757.000280] ? __cleanup_sighand+0x70/0x70 [ 757.004529] ? mark_held_locks+0x100/0x100 [ 757.008788] _do_fork+0x257/0xfd0 04:51:21 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x14, 0x4, 0x4, 0x400, 0x0, 0x1}, 0x3c) r1 = syz_open_dev$mice(&(0x7f00000013c0)='/dev/input/mice\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001440)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000001500)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x80500008}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)={0x2c, r2, 0x20, 0x70bd26, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x2}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x3}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x60040888}, 0x40000) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f0000000040)="fdff", &(0x7f0000000100)=""/47}, 0x20) [ 757.012256] ? fork_idle+0x1d0/0x1d0 [ 757.015984] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 757.021881] ? kasan_check_read+0x11/0x20 [ 757.026218] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 757.030983] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 757.030996] ? do_syscall_64+0x26/0x620 [ 757.031010] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 757.031021] ? do_syscall_64+0x26/0x620 [ 757.031040] __x64_sys_clone+0xbf/0x150 [ 757.031057] do_syscall_64+0xfd/0x620 [ 757.031073] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 757.031083] RIP: 0033:0x45c3d9 [ 757.031094] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 757.031105] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 [ 757.053964] ORIG_RAX: 0000000000000038 [ 757.053974] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 757.053983] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 04:51:21 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000040)={0x0, 0xfffffffffffffffd, 0x7, 0x2, 0x0, 0x1}) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) 04:51:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000180)={0x5, 0xc, 0x4, 0x100, {}, {0x5, 0xe, 0x9, 0x8, 0x6, 0x6, "6a2cd0a7"}, 0x4, 0x6, @planes=&(0x7f0000000000)={0x8, 0x2, @fd=0xffffffffffffffff, 0x1665}, 0x4}) fcntl$setflags(r1, 0x2, 0x3) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0x0, 0x1e) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000000c0)={0x225d13ea08fc1519, 0x10000}) r5 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="8cff7cf90800004bffc5e76a395aad7816000000d99827940000fffffff82000400000000005000000001d000000dd77"], 0x30) 04:51:21 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 757.053992] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 757.054000] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 757.054009] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 04:51:21 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0xf, 0x4, 0x10000000004, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$TUNSETCARRIER(r3, 0x400454e2, &(0x7f0000000200)=0x1) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000100)) socket$rxrpc(0x21, 0x2, 0x2) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r7, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r8, @ANYBLOB="2c747970653da07e886b55b7808dc51e70bced32189f4d56297e783cdfcf88ad0c"]) write$P9_RGETATTR(r5, &(0x7f0000000040)={0xa0, 0x19, 0x2, {0x480, {0x20, 0x4}, 0x100, r7, r8, 0x8, 0x8, 0x100000001, 0x2, 0x101, 0x8, 0x100000000, 0x3, 0x7ff, 0x3, 0x8001, 0xf55, 0x3, 0x4c, 0x2}}, 0xa0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x760000, 0x0, 0x10020000000, 0x0}, 0x2c) [ 757.258176] SELinux: policydb string length 1258291208 does not match expected length 8 04:51:21 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x18) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) [ 757.306385] SELinux: failed to load policy [ 757.347301] Task in /syz0 killed as a result of limit of /syz0 [ 757.367422] memory: usage 307192kB, limit 307200kB, failcnt 4252 [ 757.378773] SELinux: policydb string length 1258291208 does not match expected length 8 [ 757.407372] SELinux: failed to load policy [ 757.414418] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 757.461870] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 757.491365] Memory cgroup stats for /syz0: cache:0KB rss:230696KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230904KB inactive_file:4KB active_file:0KB unevictable:0KB [ 757.742188] Memory cgroup out of memory: Kill process 11901 (syz-executor.0) score 1113 or sacrifice child [ 757.769637] Killed process 11901 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 757.834354] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 757.854335] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 757.860226] CPU: 1 PID: 19904 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 757.867219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 757.876594] Call Trace: [ 757.879239] dump_stack+0x172/0x1f0 [ 757.882882] dump_header+0x15e/0xa55 [ 757.886615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 757.891726] ? ___ratelimit+0x60/0x595 [ 757.895619] ? do_raw_spin_unlock+0x57/0x270 [ 757.900041] oom_kill_process.cold+0x10/0x6ef [ 757.904549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.910356] ? task_will_free_mem+0x139/0x6e0 [ 757.914863] out_of_memory+0x936/0x12d0 [ 757.918854] ? oom_killer_disable+0x280/0x280 [ 757.923349] ? find_held_lock+0x35/0x130 [ 757.927431] mem_cgroup_out_of_memory+0x1d2/0x240 [ 757.932279] ? memcg_event_wake+0x230/0x230 [ 757.936612] ? do_raw_spin_unlock+0x57/0x270 [ 757.941025] ? _raw_spin_unlock+0x2d/0x50 [ 757.945183] try_charge+0xc4e/0x1480 [ 757.948907] ? find_held_lock+0x35/0x130 [ 757.952976] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 757.957825] ? get_mem_cgroup_from_mm+0x139/0x320 [ 757.962671] ? find_held_lock+0x35/0x130 [ 757.966739] ? get_mem_cgroup_from_mm+0x139/0x320 [ 757.971610] memcg_kmem_charge_memcg+0x7c/0x130 [ 757.976286] ? memcg_kmem_put_cache+0xb0/0xb0 [ 757.980808] ? get_mem_cgroup_from_mm+0x156/0x320 [ 757.985690] memcg_kmem_charge+0x136/0x370 [ 757.989935] __alloc_pages_nodemask+0x3c3/0x750 [ 757.994610] ? __alloc_pages_slowpath+0x2870/0x2870 [ 757.999637] ? lockdep_hardirqs_on+0x415/0x5d0 [ 758.004219] ? trace_hardirqs_on+0x67/0x220 [ 758.008555] copy_process.part.0+0x3e0/0x7a30 [ 758.013056] ? mark_held_locks+0x100/0x100 [ 758.017303] ? __might_fault+0x12b/0x1e0 [ 758.021377] ? __cleanup_sighand+0x70/0x70 [ 758.025619] ? lock_downgrade+0x810/0x810 [ 758.029785] _do_fork+0x257/0xfd0 [ 758.033247] ? fork_idle+0x1d0/0x1d0 [ 758.036984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 758.041748] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 758.046511] ? do_syscall_64+0x26/0x620 [ 758.050491] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 758.055856] ? do_syscall_64+0x26/0x620 [ 758.059840] __x64_sys_clone+0xbf/0x150 [ 758.063821] do_syscall_64+0xfd/0x620 [ 758.067654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 758.072863] RIP: 0033:0x459a09 [ 758.076060] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 758.094960] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 758.102675] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 758.109949] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 758.117567] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 758.124836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 758.132105] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 758.147341] Task in /syz0 killed as a result of limit of /syz0 [ 758.153398] memory: usage 304952kB, limit 307200kB, failcnt 4252 [ 758.165598] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 758.172747] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 758.184790] Memory cgroup stats for /syz0: cache:0KB rss:228656KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:228744KB inactive_file:4KB active_file:0KB unevictable:0KB [ 758.214076] Memory cgroup out of memory: Kill process 12239 (syz-executor.0) score 1113 or sacrifice child [ 758.224386] Killed process 12239 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:22 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e60000005f3f000000000000000000"], 0x38) 04:51:22 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)) r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000000)={0x24020019980330, r0}, &(0x7f0000000140)={0x3fe}) r1 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x401, 0x90100) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:51:22 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008911, &(0x7f0000000000)="11f070000000000000000022b88ee02cd88645b46e578c926ecf115d5d99c0026f02c6f2ef0df31cffab548b5bdd313d549d4ea5bba2d72a37d9") socket$inet(0x2, 0x5, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x1, 0x0) 04:51:22 executing program 1: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/policy\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r1) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x40000, 0x0) ioctl$FICLONE(r5, 0x40049409, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r6 = socket(0x2, 0x803, 0xff) connect$inet(r6, &(0x7f0000000240)={0x2, 0x0, @remote}, 0x10) sendfile(r6, r0, 0x0, 0x72439a6b) 04:51:22 executing program 5: setrlimit(0x40000000000008, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0x800) mlock(&(0x7f0000003000/0x4000)=nil, 0x4000) 04:51:22 executing program 4: socketpair(0x4, 0x1, 0x6, &(0x7f0000000040)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x400000, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) 04:51:22 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)='security.capability\x00', &(0x7f00000000c0)=@v3={0x3000000, [], 0xee00}, 0x18, 0x0) setxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:newrole_exec_t:s0\x00', 0x24, 0x0) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=@known='security.capability\x00', 0x0, 0x0) 04:51:22 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 758.395461] SELinux: ebitmap: truncated map [ 758.456365] SELinux: failed to load policy 04:51:22 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e70000005f3f000000000000000000"], 0x38) 04:51:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getpid() r1 = getpid() openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) tkill(r1, 0x1000000000015) ioprio_get$pid(0x2, r1) ioctl(r0, 0x2001000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x2832, 0xffffffffffffffff, 0x0) 04:51:23 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 758.622134] SELinux: ebitmap: truncated map [ 758.626713] SELinux: failed to load policy 04:51:23 executing program 1: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/policy\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r1) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x40000, 0x0) ioctl$FICLONE(r5, 0x40049409, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r6 = socket(0x2, 0x803, 0xff) connect$inet(r6, &(0x7f0000000240)={0x2, 0x0, @remote}, 0x10) sendfile(r6, r0, 0x0, 0x72439a6b) [ 760.627273] net_ratelimit: 13 callbacks suppressed [ 760.627280] protocol 88fb is buggy, dev hsr_slave_0 [ 760.637435] protocol 88fb is buggy, dev hsr_slave_1 [ 760.642600] protocol 88fb is buggy, dev hsr_slave_0 [ 760.647722] protocol 88fb is buggy, dev hsr_slave_1 04:51:25 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000000)={0x24020019980330, r0}, &(0x7f0000000140)={0x0, 0x5}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:51:25 executing program 4: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x40000000000008, &(0x7f0000000080)=0x0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) fdatasync(r2) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000140)="100000000600"/16, 0x10}]) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xa2, 0x90080) ioctl$PPPIOCATTACH(r3, 0x4004743d, &(0x7f00000000c0)=0x3) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$UI_SET_ABSBIT(r6, 0x40045567, 0x4) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) ioctl$sock_x25_SIOCADDRT(r3, 0x890b, &(0x7f0000000180)={@remote={[], 0x2}, 0x8, 'batadv0\x00'}) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) mmap(&(0x7f0000002000/0x6000)=nil, 0x6000, 0x1, 0x13, r4, 0x0) 04:51:25 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e80000005f3f000000000000000000"], 0x38) 04:51:25 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:25 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000140)={0x1, 0x50, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r1, r1) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x7, 0x0, 0x0, 0x6}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f00000000c0)={0x7, r2}) keyctl$session_to_parent(0x12) [ 761.267177] protocol 88fb is buggy, dev hsr_slave_0 [ 761.267182] protocol 88fb is buggy, dev hsr_slave_0 [ 761.267233] protocol 88fb is buggy, dev hsr_slave_1 [ 761.272336] protocol 88fb is buggy, dev hsr_slave_1 04:51:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x2, &(0x7f0000000040)=""/24, 0x18) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x1, 0x6804) mkdirat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x1ff) socket(0x1e, 0x4, 0x0) r1 = memfd_create(&(0x7f00000002c0)='\x00\xa1\xd6\xeb\xd9h1\xbdPO\x1e\x1b\x04\xcc\x18\xbdCKwMj\x8f~\x1f\xe0\xa6v-=\x8d\x89\xfe\xac\x02\xf8\x92\xf0B^\xed\v\xd1w', 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) dup2(r2, r1) [ 761.396968] SELinux: ebitmap: truncated map 04:51:25 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500e90000005f3f000000000000000000"], 0x38) [ 761.422949] SELinux: failed to load policy 04:51:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00<\xa3\x04;\xe6\xa5\a\xbc\x96\x03g\x8dd\xe6\x87\xad\x9e!\'H\xe3\x95h>d2>\xc6\x02\xee\xfb\x88\xac\x9f\x02\xee\xcdZ\x1e\xae\xfd\xdd]\xa2Uk\xaf\'\x90\xd0K\x0e\xcf\x8b\x94', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r1, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0) rmdir(&(0x7f0000000100)='./file0\x00') [ 761.463828] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 04:51:25 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 761.575865] fat__get_entry: 22 callbacks suppressed [ 761.575882] FAT-fs (loop4): Directory bread(block 3841) failed [ 761.597284] FAT-fs (loop4): Directory bread(block 3842) failed [ 761.603445] FAT-fs (loop4): Directory bread(block 3843) failed [ 761.616307] FAT-fs (loop4): Directory bread(block 3844) failed [ 761.630428] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 761.636016] FAT-fs (loop4): Directory bread(block 3845) failed [ 761.656617] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 761.662816] CPU: 0 PID: 20035 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 761.669764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.679120] Call Trace: [ 761.681721] dump_stack+0x172/0x1f0 [ 761.685366] dump_header+0x15e/0xa55 [ 761.689089] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 761.694197] ? ___ratelimit+0x60/0x595 [ 761.698288] ? do_raw_spin_unlock+0x57/0x270 [ 761.702708] oom_kill_process.cold+0x10/0x6ef [ 761.707228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.712794] ? task_will_free_mem+0x139/0x6e0 [ 761.717312] out_of_memory+0x936/0x12d0 [ 761.721473] ? lock_downgrade+0x810/0x810 [ 761.725635] ? oom_killer_disable+0x280/0x280 [ 761.728866] FAT-fs (loop4): Directory bread(block 3846) failed [ 761.730141] ? find_held_lock+0x35/0x130 [ 761.730169] mem_cgroup_out_of_memory+0x1d2/0x240 [ 761.730185] ? memcg_event_wake+0x230/0x230 [ 761.730203] ? do_raw_spin_unlock+0x57/0x270 [ 761.754976] ? _raw_spin_unlock+0x2d/0x50 [ 761.759257] try_charge+0xef7/0x1480 [ 761.763068] ? find_held_lock+0x35/0x130 [ 761.767153] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 761.772535] ? kasan_check_read+0x11/0x20 [ 761.776698] ? get_mem_cgroup_from_mm+0x156/0x320 [ 761.781556] mem_cgroup_try_charge+0x259/0x6b0 [ 761.787115] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 761.792056] __handle_mm_fault+0x1e50/0x3f80 [ 761.792874] FAT-fs (loop4): Directory bread(block 3847) failed [ 761.796477] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 761.796515] ? count_memcg_event_mm+0x2b1/0x4d0 [ 761.796531] handle_mm_fault+0x1b5/0x690 [ 761.816330] __do_page_fault+0x62a/0xe90 [ 761.820416] ? vmalloc_fault+0x740/0x740 [ 761.820657] FAT-fs (loop4): Directory bread(block 3848) failed [ 761.824495] ? trace_hardirqs_off_caller+0x65/0x220 [ 761.824510] ? trace_hardirqs_on_caller+0x6a/0x220 [ 761.824524] ? page_fault+0x8/0x30 [ 761.824540] do_page_fault+0x71/0x57d [ 761.824555] ? page_fault+0x8/0x30 [ 761.831784] FAT-fs (loop4): Directory bread(block 3849) failed [ 761.836586] page_fault+0x1e/0x30 [ 761.836597] RIP: 0033:0x41134f [ 761.836613] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 761.836620] RSP: 002b:00007ffc40f2eb90 EFLAGS: 00010206 [ 761.836631] RAX: 00007f5e2cafb000 RBX: 0000000000020000 RCX: 0000000000459a5a [ 761.836643] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 761.841957] FAT-fs (loop4): Directory bread(block 3850) failed [ 761.845091] RBP: 00007ffc40f2ec70 R08: ffffffffffffffff R09: 0000000000000000 [ 761.845100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc40f2ed60 [ 761.845107] R13: 00007f5e2cb1b700 R14: 0000000000000000 R15: 000000000075bf2c 04:51:26 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000040)="4405ec0000", 0x5) sendto$inet(r2, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) 04:51:26 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) [ 761.849953] Task in [ 761.868752] /syz0 [ 761.952787] killed as a result of limit of /syz0 [ 761.963783] memory: usage 307200kB, limit 307200kB, failcnt 4280 [ 762.002977] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 762.042803] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 762.075969] Memory cgroup stats for /syz0: cache:0KB rss:230876KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230848KB inactive_file:4KB active_file:0KB unevictable:0KB [ 762.105389] Memory cgroup out of memory: Kill process 12804 (syz-executor.0) score 1113 or sacrifice child [ 762.116799] Killed process 12804 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 762.156441] SELinux: ebitmap: truncated map [ 762.162799] SELinux: failed to load policy [ 762.707219] protocol 88fb is buggy, dev hsr_slave_0 [ 762.712353] protocol 88fb is buggy, dev hsr_slave_1 04:51:28 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r0, 0x0, 0x0) r1 = add_key(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000180)="fa25229fe2e043d8ff70414c37f426c4272abe3c6e90d9afa86ab21e751d761072dfb06cd6a4126cc75596859fa0c7fc601681c02e2b8766087cd8483c0e090dff266e9826f8e418d257567e687dc0f0630a0539dcc3d4da1df49b54dfd53e2fc71de674cb3e9dd03fc0f0d2d923164ec54d1881b9976def6d7face195042c1c48d4907f12448d51a449757d7d387cb0ea0917d551c14e4f309abb13609be6edf1df36d7f0768254ad32223bfa6d7908b6a4b52aed1e8ebae036fa1d34dd5b9fa4390f941d665cb483ca29b93f2d2ab251a727ab678ce71fd2e28c3e24f9d6317d75e7bfe0645183407e47937b9e", 0xee, r0) add_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:51:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x2, 0x3, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c) sendto$unix(r1, &(0x7f0000000180)="210000d9", 0xff25, 0x4008000, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x5dc, 0xd0000e0}, 0x6e) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000480)=0x100, 0x3aa1c51c680336b9) r3 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r3, 0x5eb857) r4 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000380)={@broadcast, @dev}, &(0x7f00000003c0)=0xc) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000400)={0x0, @remote, @loopback}, 0xc) connect$inet(r4, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r5 = accept4(r3, 0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x54, 0x0, 0x200, 0x70bd28, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x3, 0x0}}, @IPVS_DEST_ATTR_WEIGHT={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}]}, 0x54}}, 0x200000c0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffff13a, 0x6}, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FIBMAP(r6, 0x1, &(0x7f0000000240)) sendmmsg(r4, &(0x7f0000000a00), 0x211, 0x0) sendmmsg(r5, &(0x7f0000000c00), 0x4000000000001e6, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r7 = socket$inet6(0xa, 0x802, 0x0) pselect6(0x40, &(0x7f0000000000)={0xffffffff, 0x8, 0x0, 0x5b, 0x80, 0x0, 0x7, 0x2}, 0x0, &(0x7f0000000080)={0x4, 0x5a1, 0x7, 0x3, 0x9, 0x0, 0x5, 0x8001}, &(0x7f0000000140), 0x0) sendto$inet6(r7, 0x0, 0x0, 0x8800, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @mcast2, 0x6}, 0xffffffffffffffac) 04:51:28 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x800, 0x0) write$P9_RWRITE(0xffffffffffffffff, 0x0, 0x0) write$UHID_CREATE(r1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) r3 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007b00)=[{{&(0x7f00000026c0)=@hci, 0x80, &(0x7f0000002740)}, 0x49bf}, {{&(0x7f0000002780)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000002940)=[{&(0x7f0000002800)}, {&(0x7f0000002840)=""/143, 0x8f}, {&(0x7f0000002900)=""/24, 0x18}], 0x3, &(0x7f0000002980)=""/97, 0x61}, 0x4}, {{&(0x7f0000002a00)=@xdp, 0x80, &(0x7f0000002c00)=[{0x0}, {&(0x7f0000002ac0)=""/250, 0xfa}, {&(0x7f0000002bc0)=""/33, 0x21}], 0x3, &(0x7f0000002c40)=""/167, 0xa7}}, {{&(0x7f0000002d00)=@x25={0x9, @remote}, 0x80, &(0x7f0000003080)=[{&(0x7f0000002dc0)=""/235, 0xeb}, {&(0x7f0000002ec0)=""/13, 0xd}, {&(0x7f0000002f00)=""/199, 0xc7}], 0x3}, 0x2}, {{0x0, 0x0, &(0x7f0000004440)=[{0x0}, {0x0}, {&(0x7f0000003300)=""/4096, 0x1000}, {&(0x7f0000004400)}], 0x4, &(0x7f00000044c0)}, 0x3}, {{0x0, 0x0, &(0x7f0000006040)=[{0x0}, {&(0x7f0000005ac0)=""/223, 0xdf}, {&(0x7f0000005bc0)=""/245, 0xf5}, {&(0x7f0000005cc0)=""/128, 0x80}, {&(0x7f0000005e00)=""/185, 0xb9}, {0x0}, {&(0x7f0000005f80)=""/183, 0xb7}], 0x7}, 0x9}, {{0x0, 0x0, 0x0}}, {{&(0x7f0000007780)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000007a40)=""/132, 0x84}, 0x2}], 0x8, 0x2060, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x167, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x3ed, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 04:51:28 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ea0000005f3f000000000000000000"], 0x38) 04:51:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x14) fcntl$notify(0xffffffffffffffff, 0x402, 0xa) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x307, 0x6, 0xfffffffffffffffb, 0x3f41, 0x3, @local}, 0x10) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) connect$inet6(r4, &(0x7f0000000080), 0x1c) 04:51:29 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500eb0000005f3f000000000000000000"], 0x38) [ 764.780650] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 04:51:29 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:29 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) setsockopt$inet6_tcp_buf(r1, 0x6, 0xd, &(0x7f00000001c0)="b70f175c4b3fccde5c6fb1a8fda0de63cadcf72544a4209f5fc63371b398470becd3", 0x22) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x5000006, 0x110, r2, 0x0) fdatasync(r2) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r4, 0x40405514, &(0x7f00000000c0)={0x7, 0x1, 0x4, 0x100000001, 'syz0\x00', 0x428}) syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x800, 0x20a900) r8 = dup2(r7, r7) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r10, 0x4c09, 0x8) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0xa080, 0x0) ioctl$KVM_GET_PIT2(r8, 0x8070ae9f, &(0x7f0000000040)) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:29 executing program 5: [ 764.825189] FAT-fs (loop1): Filesystem has been set read-only 04:51:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x14) fcntl$notify(0xffffffffffffffff, 0x402, 0xa) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x307, 0x6, 0xfffffffffffffffb, 0x3f41, 0x3, @local}, 0x10) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) connect$inet6(r4, &(0x7f0000000080), 0x1c) [ 764.915449] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 764.963053] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 764.971989] CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 764.978869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.988228] Call Trace: [ 764.990833] dump_stack+0x172/0x1f0 [ 764.994477] dump_header+0x15e/0xa55 [ 764.998206] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 765.003328] ? ___ratelimit+0x60/0x595 [ 765.007224] ? do_raw_spin_unlock+0x57/0x270 [ 765.011650] oom_kill_process.cold+0x10/0x6ef [ 765.016161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 765.021709] ? task_will_free_mem+0x139/0x6e0 [ 765.026229] ? find_held_lock+0x35/0x130 [ 765.030302] out_of_memory+0x936/0x12d0 [ 765.034283] ? lock_downgrade+0x810/0x810 [ 765.038437] ? oom_killer_disable+0x280/0x280 [ 765.042933] ? find_held_lock+0x35/0x130 [ 765.047010] mem_cgroup_out_of_memory+0x1d2/0x240 [ 765.051856] ? memcg_event_wake+0x230/0x230 [ 765.056183] ? do_raw_spin_unlock+0x57/0x270 04:51:29 executing program 5: 04:51:29 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xef7, 0x40000) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x180000b) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x28}, 0xfffffffffffffffc}, @in6={0xa, 0x4e24, 0x7d5c4501, @mcast2, 0x4}], 0x48) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={r3, 0x6}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r4, 0x2, 0x70}, 0xc) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) [ 765.060592] ? _raw_spin_unlock+0x2d/0x50 [ 765.064920] try_charge+0xef7/0x1480 [ 765.068641] ? find_held_lock+0x35/0x130 [ 765.072709] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 765.077567] ? get_mem_cgroup_from_mm+0x139/0x320 [ 765.082417] ? find_held_lock+0x35/0x130 [ 765.086485] ? get_mem_cgroup_from_mm+0x139/0x320 [ 765.091497] memcg_kmem_charge_memcg+0x7c/0x130 [ 765.096155] ? memcg_kmem_put_cache+0xb0/0xb0 [ 765.100636] ? get_mem_cgroup_from_mm+0x156/0x320 [ 765.105462] memcg_kmem_charge+0x136/0x370 [ 765.109682] __alloc_pages_nodemask+0x3c3/0x750 [ 765.114337] ? __alloc_pages_slowpath+0x2870/0x2870 [ 765.119352] ? find_held_lock+0x35/0x130 [ 765.123400] ? copy_page_range+0x124f/0x1f90 [ 765.127848] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 765.133411] alloc_pages_current+0x107/0x210 [ 765.137824] pte_alloc_one+0x1b/0x1a0 [ 765.141619] __pte_alloc+0x2a/0x360 [ 765.145233] copy_page_range+0x151f/0x1f90 [ 765.149467] ? pmd_alloc+0x180/0x180 [ 765.153164] ? __vma_link_rb+0x279/0x370 [ 765.157212] copy_process.part.0+0x543d/0x7a30 [ 765.161789] ? __cleanup_sighand+0x70/0x70 [ 765.166015] _do_fork+0x257/0xfd0 [ 765.169453] ? fork_idle+0x1d0/0x1d0 [ 765.173156] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 765.177900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 765.182644] ? do_syscall_64+0x26/0x620 [ 765.186611] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 765.191954] ? do_syscall_64+0x26/0x620 [ 765.195911] __x64_sys_clone+0xbf/0x150 [ 765.199869] do_syscall_64+0xfd/0x620 [ 765.203667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 765.208837] RIP: 0033:0x457fda [ 765.212026] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 765.230953] RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 765.238736] RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda [ 765.246001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 765.253254] RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940 [ 765.260505] R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001 [ 765.267756] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70 [ 765.279495] Task in /syz0 killed as a result of limit of /syz0 [ 765.285547] memory: usage 307200kB, limit 307200kB, failcnt 4291 [ 765.291786] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 765.298676] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 765.304918] Memory cgroup stats for /syz0: cache:0KB rss:230696KB rss_huge:194560KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:230828KB inactive_file:0KB active_file:0KB unevictable:0KB [ 765.340840] Memory cgroup out of memory: Kill process 12844 (syz-executor.0) score 1113 or sacrifice child [ 765.350924] Killed process 12844 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:29 executing program 4: 04:51:29 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 765.419933] SELinux: ebitmap: truncated map [ 765.424539] SELinux: failed to load policy 04:51:29 executing program 5: 04:51:29 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ec0000005f3f000000000000000000"], 0x38) 04:51:29 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x8080) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:30 executing program 4: 04:51:30 executing program 5: [ 765.811465] SELinux: ebitmap: truncated map 04:51:30 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:30 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ed0000005f3f000000000000000000"], 0x38) [ 765.865451] SELinux: failed to load policy 04:51:30 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x14) fcntl$notify(0xffffffffffffffff, 0x402, 0xa) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x307, 0x6, 0xfffffffffffffffb, 0x3f41, 0x3, @local}, 0x10) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) connect$inet6(r4, &(0x7f0000000080), 0x1c) 04:51:30 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$key(0xf, 0x3, 0x2) r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$key(r2, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x400300, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x400300, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@empty}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) 04:51:30 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x2000, 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000040)={0x2000}) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:30 executing program 5: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f000079c000/0x800000)=nil, 0x800000, 0xc) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) io_setup(0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1005, 0x0) 04:51:30 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ee0000005f3f000000000000000000"], 0x38) [ 766.014537] SELinux: ebitmap: truncated map [ 766.031417] SELinux: failed to load policy 04:51:30 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x7, 0x3a1800) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') geteuid() sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x88000}, 0x4000808d) 04:51:30 executing program 5: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x1000004e21}, 0x10) 04:51:30 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ef0000005f3f000000000000000000"], 0x38) 04:51:30 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 766.230658] SELinux: ebitmap: truncated map [ 766.247456] SELinux: failed to load policy 04:51:30 executing program 4: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x12a500, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="1d00000019b97ba7fc7b720e33dc5d6ee4dde79199647c3eab5b97770c34529f10"], 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000001280)={r1, 0x0, 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r2, &(0x7f0000000240), 0x2305e2b7) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)) syz_open_pts(r3, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000) pipe(&(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f00000003c0)={0x0, r6+30000000}, 0x0) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 766.356645] SELinux: ebitmap: truncated map [ 766.417622] SELinux: failed to load policy 04:51:30 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x800000000000000, 0x2) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="08dca50d5e0bcfe47bf070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r1, 0x8040451b, 0x0) 04:51:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb&9m\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x14) fcntl$notify(0xffffffffffffffff, 0x402, 0xa) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x307, 0x6, 0xfffffffffffffffb, 0x3f41, 0x3, @local}, 0x10) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) connect$inet6(r4, &(0x7f0000000080), 0x1c) 04:51:31 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f00000005f3f000000000000000000"], 0x38) 04:51:31 executing program 3: capset(&(0x7f0000000000)={0x24020019980330, 0xffffffffffffffff}, &(0x7f0000000140)={0x0, 0x0, 0x93e0}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x4) socket$unix(0x1, 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:31 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:31 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev4dri/card#\x00', 0x800, 0x200000) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 766.803407] SELinux: ebitmap: truncated map [ 766.847484] SELinux: failed to load policy 04:51:31 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f10000005f3f000000000000000000"], 0x38) 04:51:31 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={r5, 0x222}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000080)={r6, 0xffffffffffffff01}, 0x8) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) [ 766.867614] net_ratelimit: 14 callbacks suppressed [ 766.867658] protocol 88fb is buggy, dev hsr_slave_0 [ 766.878621] protocol 88fb is buggy, dev hsr_slave_1 [ 766.884832] protocol 88fb is buggy, dev hsr_slave_0 [ 766.890077] protocol 88fb is buggy, dev hsr_slave_1 04:51:31 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:31 executing program 3: r0 = getpgrp(0x0) capset(&(0x7f0000000000)={0x24020019980330, r0}, &(0x7f0000000140)={0x1, 0x0, 0x0, 0x0, 0x0, 0x2}) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xfffffffffffff800, 0x10000) connect$rds(r1, &(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x100}, 0x10) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='trusted.overlay.origin\x00', &(0x7f00000006c0)='y\x00', 0x2, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@loopback, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8) r7 = getpid() tkill(r7, 0x1000000000015) r8 = accept4$ax25(r1, &(0x7f0000000280)={{0x3, @null}, [@netrom, @null, @null, @netrom, @remote, @null, @remote, @rose]}, &(0x7f0000000300)=0x48, 0x800) r9 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r9, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r9, 0x0) r10 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r10, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r10, 0x0) r11 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r11, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r11, 0x0) r12 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r13 = dup2(r12, r12) ioctl$TIOCGSOFTCAR(r13, 0x5419, 0x0) ioctl$BLKSECTGET(r13, 0x1267, &(0x7f0000000700)) sendmsg$nl_generic(r5, &(0x7f0000000600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x38000048}, 0xc, &(0x7f00000005c0)={&(0x7f0000000340)={0x26c, 0x3e, 0x200, 0x70bd2d, 0x25dfdbfe, {0x3}, [@typed={0x4, 0x12}, @nested={0xf0, 0x76, [@typed={0x14, 0x18, @str='/dev/dri/card#\x00'}, @generic="b82d78cb5c8377cff376e3f96b9e815c5c2753729411b78c96dee373047035b6c61631fac7385e4026df139ca83cfcca150e695c33deab6067c91d09997284be14b2d476d8e103099776ce6559cef95ae10d775d6d4b5654a28cafb84a1780c7e86fd3a899f98a7cd4d7f9255938b3942ebefec4c5dc1009a724a7803363433625b974da26", @generic="86ccba4523d89b73f0de401282efc572659e347e0ce46c22917ee534529cacb5ab31b041e59080fa23d6f9be3a79d946e09354643285bf2e30e3c54c4c1ebc77af538d83c7f0a2391a", @typed={0x8, 0x5b, @uid=r6}]}, @typed={0x8, 0x9, @pid=r7}, @generic="59aeb2b5525425c780bfef815c37420c20196bd6ccaceb4b4bba5e36b5c1bed2", @generic, @generic="56d6", @nested={0x138, 0x37, [@typed={0x8, 0x15, @fd=r8}, @typed={0x8, 0x44, @fd=r9}, @typed={0x8, 0x79, @u32=0x7ff}, @typed={0x4, 0x16}, @typed={0x8, 0x2e, @fd=r10}, @typed={0xb4, 0x4a, @binary="75811c30b3e7162721feefa278aab53b321ae441a3b6806c13145cd6eaab669cc00a3706b38f104340070075f582b9f2372808599a56e671cb6dad23c6097fd5c67b926af011f810433af4307f327cd7ce0ea8babe9a8d01fa9c6923316d84ea952920ba757a847705d4270e66a3774173624b05538f7c43135ddabbc33aba61f31481194d3cb609b3c6f060fce4803cff4602a3533d11c2d0f8064c6f5d6145188dc1ca2d7130b9dcc7adbe8d"}, @typed={0x8, 0x16, @fd=r11}, @generic="cec7a407ba31db23b57188aa7db04bc28b09e0197d525eae42e686a406cd4dee4902388c93f85d758d55883e56291bc73abce98f20d444949028ef0f784af1aef9d83f83fd82fc1a39fe970a7712269cd9dd"]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x4004004}, 0x45050) [ 767.110932] SELinux: ebitmap: truncated map [ 767.115532] SELinux: failed to load policy 04:51:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x6, 0x61, 0x11, 0x1a001000000}, [@ldst={0x3, 0x3, 0x2000cf66, 0x0, 0x1}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 04:51:31 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f20000005f3f000000000000000000"], 0x38) 04:51:31 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:31 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = accept(r2, &(0x7f0000000040)=@caif=@dbg, &(0x7f00000000c0)=0x80) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x101, @bcast, @bpq0='bpq0\x00', 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}) 04:51:31 executing program 4: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x80000000, 0x200000) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000040)={0x4, 0x0, 'client0\x00', 0x0, "3622fd6822bd84a6", "9568fdff40bd6f281f90006d8bf84a4ff3b746d073fb0c630e946d0a05ba9452", 0x5e, 0x400}) r1 = socket$alg(0x26, 0x5, 0x0) unshare(0x8020000) bind$alg(r1, &(0x7f0000007b80)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) r2 = syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x40000fffffd, 0x0) dup2(r2, r1) 04:51:31 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000000)) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, &(0x7f00000003c0)) dup3(r0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) sendmsg$sock(r2, &(0x7f0000000380)={&(0x7f0000000080)=@in6={0xa, 0x4e21, 0x2, @remote, 0xfff}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000100)="2db4c1a0659ca1bafad9bea50970224ecc4d8679a427fbf43877cfa0a5", 0x1d}, {&(0x7f0000000140)="0b39c6576e9a22ce34ca1d03a0b142269d17b4a645c2548bf0d07a31016f68fbc2f7ce39ebde7d8b57aa66c09b6a", 0x2e}, {&(0x7f0000000180)="fc2b698a09171432fe2e960d7ab50988adc3d86bf8284de04d837f108cadb839b6393f02595add03bdab6c0bcb4961c5d8f0c7414fbcd71b500bdb750fc72129fafb307b8c1df407192cdc2af07f9b79f3be315f6562eb187e78136ac810007a5bbfd91713f689a14011d879fc0dabab94a56e2d3bce49bb5f633ade2accd3543a6fffc165f09cb59f1ceb0e1d164e1f2d6e2108c5f281120961e1ec3e92d78302cee17b50917b59b3a9ef0ffb7bdaa66b73da8dcd7c9ea43870ff7ea45956bfe396e761114f269dfb3a89e755aa41dc50fce4064ab2e13f2f540537e9ad", 0xde}, {&(0x7f0000000280)="467fbae0ab8e3a4c9fb270c560c7fd44f2e85b74e06142d8195ad13f3d158b1544f315ee7b5ab829363aee40f54946506c5d454fa9f9723f9a9c74bb68b8b82935ee4cd7d1096311f806a8ce30060bf60718fea8c42743eb4403cf652147", 0x5e}], 0x4, &(0x7f0000000340)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}], 0x30}, 0x4081) [ 767.507190] protocol 88fb is buggy, dev hsr_slave_0 [ 767.507194] protocol 88fb is buggy, dev hsr_slave_0 [ 767.507240] protocol 88fb is buggy, dev hsr_slave_1 [ 767.512596] protocol 88fb is buggy, dev hsr_slave_1 [ 767.567962] SELinux: ebitmap: truncated map 04:51:32 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f30000005f3f000000000000000000"], 0x38) [ 767.599446] SELinux: failed to load policy 04:51:32 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='scalable\x00', 0x9) r2 = socket$packet(0x11, 0x3, 0x300) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff50700000000000950000000000000099e941a413f864c7aefc3cbf11fc9031ba4c0af86b88fcbe3f1ebf7420b104769a3ee1f4aa35339f4b382c4caf9d"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) setsockopt$sock_int(r4, 0x1, 0x3d, &(0x7f0000000100)=0xfffffffffffffdfa, 0xfffffffffffffe52) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) socket$rds(0x15, 0x5, 0x0) [ 767.706723] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 767.756834] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 767.766280] CPU: 1 PID: 20250 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 767.773244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.782607] Call Trace: [ 767.785398] dump_stack+0x172/0x1f0 [ 767.789046] dump_header+0x15e/0xa55 [ 767.792805] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 767.797926] ? ___ratelimit+0x60/0x595 [ 767.801818] ? do_raw_spin_unlock+0x57/0x270 [ 767.806244] oom_kill_process.cold+0x10/0x6ef [ 767.810840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.816393] ? task_will_free_mem+0x139/0x6e0 [ 767.821011] ? find_held_lock+0x35/0x130 [ 767.825118] out_of_memory+0x936/0x12d0 [ 767.829276] ? lock_downgrade+0x810/0x810 [ 767.833694] ? oom_killer_disable+0x280/0x280 [ 767.838202] ? find_held_lock+0x35/0x130 [ 767.842308] mem_cgroup_out_of_memory+0x1d2/0x240 [ 767.847246] ? memcg_event_wake+0x230/0x230 [ 767.851945] ? do_raw_spin_unlock+0x57/0x270 [ 767.856386] ? _raw_spin_unlock+0x2d/0x50 [ 767.860545] try_charge+0xef7/0x1480 [ 767.864367] ? find_held_lock+0x35/0x130 [ 767.868447] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 767.873324] ? get_mem_cgroup_from_mm+0x139/0x320 [ 767.878261] ? find_held_lock+0x35/0x130 [ 767.882330] ? get_mem_cgroup_from_mm+0x139/0x320 [ 767.887207] memcg_kmem_charge_memcg+0x7c/0x130 [ 767.891970] ? memcg_kmem_put_cache+0xb0/0xb0 [ 767.896493] ? get_mem_cgroup_from_mm+0x156/0x320 [ 767.901370] memcg_kmem_charge+0x136/0x370 [ 767.905619] __alloc_pages_nodemask+0x3c3/0x750 [ 767.910321] ? __alloc_pages_slowpath+0x2870/0x2870 [ 767.915464] ? lockdep_hardirqs_on+0x415/0x5d0 [ 767.920058] ? trace_hardirqs_on+0x67/0x220 [ 767.924392] copy_process.part.0+0x3e0/0x7a30 [ 767.928895] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 767.934005] ? delayacct_end+0x5c/0x100 [ 767.938012] ? __delayacct_freepages_end+0xe0/0x140 [ 767.944122] ? __lock_acquire+0x6ee/0x49c0 [ 767.948720] ? __cleanup_sighand+0x70/0x70 [ 767.953062] ? mark_held_locks+0x100/0x100 [ 767.957338] _do_fork+0x257/0xfd0 [ 767.960818] ? fork_idle+0x1d0/0x1d0 [ 767.964558] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 767.970908] ? kasan_check_read+0x11/0x20 [ 767.975092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 767.979851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 767.984700] ? do_syscall_64+0x26/0x620 [ 767.988681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.994228] ? do_syscall_64+0x26/0x620 [ 767.998211] __x64_sys_clone+0xbf/0x150 [ 768.002197] do_syscall_64+0xfd/0x620 [ 768.006700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.011892] RIP: 0033:0x45c3d9 [ 768.015182] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 768.034373] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 768.042090] RAX: ffffffffffffffda RBX: 00007f5e2cb1b700 RCX: 000000000045c3d9 [ 768.049968] RDX: 00007f5e2cb1b9d0 RSI: 00007f5e2cb1adb0 RDI: 00000000003d0f00 04:51:32 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 768.057242] RBP: 00007ffc40f2ed60 R08: 00007f5e2cb1b700 R09: 00007f5e2cb1b700 [ 768.064518] R10: 00007f5e2cb1b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 768.071788] R13: 00007ffc40f2ebff R14: 00007f5e2cb1b9c0 R15: 000000000075bf2c [ 768.106491] Task in /syz0 killed as a result of limit of /syz0 [ 768.113123] memory: usage 307200kB, limit 307200kB, failcnt 4312 04:51:32 executing program 5: r0 = socket(0x200000000000011, 0x803, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'nlmon0\x00'}) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r3 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r5, r4, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r5}, 0xc) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/autofs\x00', 0x400, 0x0) bind$packet(r6, &(0x7f0000000100)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="0100"}, 0x14) setsockopt$packet_int(r0, 0x107, 0x100000000014, &(0x7f0000000140)=0x1, 0x4) io_setup(0x5, &(0x7f0000000300)=0x0) r8 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r8, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r8, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r11, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r11, 0x0) io_submit(r7, 0x2, &(0x7f0000000340)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0x400, r1, &(0x7f0000000180)="2f31418f493d733de5838f15e2a0173bbb82e53c5e00b118c297218d1e5c90fb1c0b404ff893dbf7229ebbcd06267548b2d1131eca2e51f5d529d022b4cf93cfa5cdbcec2eda7d0068e943baad287af918070cf0610f38dfe6f4df00cd7a6aa38f3ef2554d0913c075936810eeaf62cfd65d875eac5cf65d8463e01f8533ae38c222d816f9e32eb1681d97732b610531a9bf9df16c7e42eea3128497262b816f39d9215f59b1fc5eeaa3c4ebadb44d4fa838d9c2cc7b4029ba1eac88f26682be52a07b11ee6557d9d01831494551a39f70c65fbdc6a5677276d510788f0a", 0xde, 0x6cf, 0x0, 0x0, r10}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0xffffffff, r11, &(0x7f0000000280)="3b05b3614f036cbe29110e523119154a696994df493e891923d847002fe30f51a78d59f48b1575596b865a73f854d2a1f2a318a4dbce52eacbaa9da794fac91aa686622bcedf74a1947cfa302a18580050b5114f760a1cd1d71e6ec63f874115d150c4", 0x63, 0x8140, 0x0, 0x7edb76a351ec081e}]) [ 768.149963] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 768.204504] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 768.253161] Memory cgroup stats for /syz0: cache:0KB rss:229272KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229384KB inactive_file:4KB active_file:0KB unevictable:0KB 04:51:32 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 768.315168] Memory cgroup out of memory: Kill process 13437 (syz-executor.0) score 1113 or sacrifice child [ 768.366045] Killed process 13437 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 768.469079] SELinux: ebitmap: truncated map [ 768.487561] SELinux: failed to load policy [ 768.947192] protocol 88fb is buggy, dev hsr_slave_0 [ 768.952394] protocol 88fb is buggy, dev hsr_slave_1 04:51:34 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f40000005f3f000000000000000000"], 0x38) 04:51:34 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff3000/0x4000)=nil) shmat(r0, &(0x7f0000ff3000/0x4000)=nil, 0x6000) madvise(&(0x7f0000ff6000/0x1000)=nil, 0x1000, 0x9) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) mmap$binder(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x803) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f00000001c0)={0x0, 0x4, 0x5, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}]}) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$VIDIOC_ENCODER_CMD(r4, 0xc028564d, &(0x7f0000000040)={0x1, 0x0, [0x4, 0x0, 0x0, 0xfffffffffffffff7, 0x4, 0x7, 0x1, 0x3]}) r5 = shmget(0x2, 0x4000, 0x400, &(0x7f0000ff4000/0x4000)=nil) shmctl$SHM_STAT(r5, 0xd, &(0x7f0000000000)=""/55) 04:51:34 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x1, 0x20e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x3a001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getgid() setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [], {}, [{0x8, 0x4}, {0x8, 0x0, r2}]}, 0x34, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000500}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 04:51:34 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x4, 0x0, 0x0, 0x1800, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2dfb, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x8000000000000, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = getpid() tkill(r1, 0x1000000000015) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x8e3, 0x40000) r9 = dup2(r7, r8) r10 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r11 = dup2(r10, r10) ioctl$TIOCGSOFTCAR(r11, 0x5419, 0x0) ioctl$LOOP_SET_DIRECT_IO(r11, 0x4c08, 0x3) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) syz_open_pts(r3, 0xe8680) r12 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r13 = dup2(r12, r12) ioctl$TIOCGSOFTCAR(r13, 0x5419, 0x0) syz_open_dev$midi(&(0x7f0000000440)='/dev/midi#\x00', 0x80000001, 0xc01) r14 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r15 = dup2(r14, r14) ioctl$TIOCGSOFTCAR(r15, 0x5419, 0x0) ioctl$GIO_CMAP(r15, 0x4b70, &(0x7f0000000480)) r16 = dup2(r6, r6) r17 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r18 = dup2(r17, r17) ioctl$TIOCGSOFTCAR(r18, 0x5419, 0x0) r19 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r19, r19) ioctl$DRM_IOCTL_WAIT_VBLANK(r19, 0xc018643a, &(0x7f0000000240)={0x10000000, 0x3, 0x32}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r18, 0x810c5701, &(0x7f00000002c0)) ioctl$TIOCGSOFTCAR(r16, 0x5419, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000100)={r16}) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7fffffff, 0x51, 0x7, 0x4, 0x0, 0x100, 0x10000, 0x16, 0x60c, 0x59, 0x8, 0x100, 0x5, 0x80000001, 0x7, 0x890b, 0x4, 0xfffffffffffffffa, 0x4, 0x6, 0x1, 0x8, 0x9, 0x11, 0x2425, 0x2, 0x100, 0x9c, 0x3, 0x80000000, 0x5, 0x5, 0xd6, 0x4, 0x6d3, 0x9e, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000040), 0x4}, 0x8, 0x80000000, 0x8, 0x2, 0x6, 0xb40e, 0x100000000}, r1, 0x1, r3, 0x8) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x2000, &(0x7f0000000000)=[{&(0x7f0000000140)="2e0000003100050ad25a80648c6394fb0124fc0010000b400c000200053582c137153e37090001800c081700d1bd", 0x2e}], 0x1}, 0x0) 04:51:34 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) r1 = syz_open_procfs(r0, &(0x7f0000000080)='net/anycast6\x00') r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r3, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x128, r4, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffab8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100010000}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x40, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x77}]}, @TIPC_NLA_BEARER={0x24, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'caif0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @mcast1, 0x8001}}}}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$VT_RELDISP(r1, 0x5605) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0xa00, 0x0) r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cachefiles\x00', 0x101a00, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xf4, 0x42, 0x800, 0x70bd28, 0x25dfdbfd, {0x19}, [@generic="2a4d5c9d79a8ceb73671641feffc04501e992d37225b7e29943fd5c36ec2fe826ba0b799c514ae2a4e948b1db91ff3c4208a9404a8f2ab6d93ad606e3bcc03c25c691b1109bf5ca2c66455116832bdff6c7a1bf6ef597cc5417b11912edaf474c00d32771eb2a84145e1e16008fe28524a81e0687f1ab7259be3b1499f80e9456b6a3c12e5664c6f7bf3dceb8aa7a7bfaf62611ef92247c642faae58e82f335bb4ca1ed00c97b9375913c534c085ae4e5d5a20bf04dbbb56e66df0c1ed03d55a2de8d3dffae69311b9c5a216", @typed={0xc, 0x49, @u64=0x7}, @typed={0x8, 0x28, @fd=r6}]}, 0xf4}, 0x1, 0x0, 0x0, 0x20004000}, 0x22048011) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$l2tp(0x18, 0x1, 0x1) openat$selinux_member(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/member\x00', 0x2, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) ioctl$CAPI_GET_SERIAL(r8, 0xc0044308, &(0x7f00000005c0)=0x8) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x200, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) [ 770.230190] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 770.248607] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 770.254444] CPU: 0 PID: 20283 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 770.261380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.270740] Call Trace: [ 770.273338] dump_stack+0x172/0x1f0 [ 770.276980] dump_header+0x15e/0xa55 [ 770.280701] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 770.285811] ? ___ratelimit+0x60/0x595 [ 770.289703] ? do_raw_spin_unlock+0x57/0x270 [ 770.294131] oom_kill_process.cold+0x10/0x6ef [ 770.298648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.304293] ? task_will_free_mem+0x139/0x6e0 [ 770.308806] out_of_memory+0x936/0x12d0 [ 770.312794] ? lock_downgrade+0x810/0x810 [ 770.316963] ? oom_killer_disable+0x280/0x280 [ 770.321465] ? find_held_lock+0x35/0x130 [ 770.325543] mem_cgroup_out_of_memory+0x1d2/0x240 [ 770.330451] ? memcg_event_wake+0x230/0x230 [ 770.334782] ? do_raw_spin_unlock+0x57/0x270 [ 770.339214] ? _raw_spin_unlock+0x2d/0x50 [ 770.343371] try_charge+0xef7/0x1480 [ 770.347090] ? find_held_lock+0x35/0x130 [ 770.351170] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 770.354927] overlayfs: conflicting lowerdir path [ 770.356024] ? kasan_check_read+0x11/0x20 [ 770.356047] ? get_mem_cgroup_from_mm+0x156/0x320 [ 770.356068] mem_cgroup_try_charge+0x259/0x6b0 [ 770.374371] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 770.379312] __handle_mm_fault+0x1e50/0x3f80 [ 770.383728] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 770.388600] ? count_memcg_event_mm+0x2b1/0x4d0 [ 770.393275] handle_mm_fault+0x1b5/0x690 [ 770.397440] __do_page_fault+0x62a/0xe90 [ 770.401520] ? vmalloc_fault+0x740/0x740 [ 770.405588] ? trace_hardirqs_off_caller+0x65/0x220 [ 770.410611] ? trace_hardirqs_on_caller+0x6a/0x220 [ 770.415551] ? page_fault+0x8/0x30 [ 770.419103] do_page_fault+0x71/0x57d [ 770.422914] ? page_fault+0x8/0x30 [ 770.426468] page_fault+0x1e/0x30 04:51:34 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 770.429931] RIP: 0033:0x41134f [ 770.433128] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 770.452039] RSP: 002b:00007ffc40f2eb90 EFLAGS: 00010206 [ 770.457955] RAX: 00007f5e2cafb000 RBX: 0000000000020000 RCX: 0000000000459a5a [ 770.465221] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 770.472483] RBP: 00007ffc40f2ec70 R08: ffffffffffffffff R09: 0000000000000000 04:51:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca5155e0bcfe47bf070") syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="91942ebd453d3440d7017f29b2eba38574bf59944d54aeef109b0afc01fceb3eeea4c198ee35be0298e7563d2cfe4059c66d683151655b9b164c4831bddf13685250413cffe8876b26acea196d57aff4a4bd6b09868d2a546fb1ab6b7a2b1a26731e26a50105e65775d6a6de8442f40c3626e8c167d0df1396c86821143d7ed53843961ce58e5ba87bd1b812dafa7d0fff091ac5c6cca558a4509f7c5fc71947bf78b79700f2d0f3429f6b97405e78c9b93ceb1acb94414595dd6da3093710cbe8024f39d08bb6ef9fa9b9885a667feb3277cc583406ec781ba03e9981d2e5761ac605d6b33e2fc4cc87aae96cc18377950580dfd35a44aa2d489b8becd36981dc96ee90b99a05a6689610498723bbca0d1f40ec89c6e11155be692115eba6882f6cb15ac30fe9552d226bab2310852e2fdac52fc0a63adf033b8943459d936aae60c156d2ddcb32080f69624546e8935ea2b4dac2ecdaa5edd79ed8e1abb6d82cf1937198ba220d5516fbd6674229f67663"], 0x4) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000180)='./bus\x00', 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) [ 770.472490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc40f2ed60 [ 770.472497] R13: 00007f5e2cb1b700 R14: 0000000000000000 R15: 000000000075bf2c [ 770.506095] overlayfs: workdir and upperdir must reside under the same mount [ 770.528150] Task in /syz0 killed as a result of limit of /syz0 04:51:34 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='\x00\x00\x00\x00H') r2 = openat$cgroup_ro(r1, &(0x7f0000001fc0)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00\x1aw\xb7\xc3B\xef\xf0\xd5\xf34|\x98.\x857Y\xab[d\xfa\x83\xdf\xc6\xf3\xb5\xab\xbb\x98y\xe7\xff\x87o\xb2\xfe\xd0\x9d\x9a\x89\xfe\xc4\x1d\x92|z\xbc\nl%\x97,#\xab3aEW\x18A3@\x94\x05%Y\x1d\x90\xf3\xc8\x89\x9a.\x7fm5\xaa\b\xceo\t\xcc\x98\xb7\x18\x90\x1cM\x91\x0fzb\x85\xb5$\x86\xe4\xd9\x1bJ\x1f\xf0>\x18\xed\xb0\r.8\xaa\x92\xc7cw\xd6\xaf\xbe\x1d\x04$\xecAb\b\xcf\xd40\xe8qg\xc5\x18\xd1\x8f\xe6D\xa8\x00\xf6H|y\xa1\x0f\xde\xe3\xbb\'\xb1\x02\x00\xc8p\xbfQh\"\n=\x90\xf9vUo9\x85\xb3\xa9\xec\xda\xc2\x99\xbe8\x9f[*\x80\xb7%\x9d33\xb9\xc3\xf0\x11!\x11\xc3\xa5$<\xcf\x00\x00\x00\x00\x1aO\xb4\xf0_\xbd>\xf3\x1b\xbb[\x058\x01\xf4\xca\xf4(\xab8\x87R\xc8\xe0l\xce\x930\xec\xf5\x8f\xb0%I\xb7\x7f[\\i\xfb\x96d\xa1aA\x97j\xc3\xef\xb65\xc0e\xb2%\x1f\xba\xa9\x0e$\x16\xbcw\xff&DRYp\xb8\xdb\x00\x00\x00\x00\x00\x00\x00\x18i\xffHw\xea\x9d\x86\x0e\bl5\x945\xab\xd3\xef\x11\xbd\"\xbcs\x8b\xf2.:\x8c\xe2\xb2\a\xac\x8b\x19\x80\x8b\xa3&\x19\x16\x80\xa1\x88\xbe\xc3\x00\xf3\xb7V]\x89e\xf2D\xf6T\xc0\xb8/\xa5\x11\x15\x8cqV/\x94 J\xc8x\xb6#a\xa5[\xbe\x0f\xe1\xf1=\xdd\xfb\xcb\xb0\xe5\xfd\x10wxF\x93\x03cK\r\xb6%\xa6\x0e\xfa\xcd\x18\xe0\x1e\xae\xc5\xa2\xe1*)\xb7]\x99\x83\xe8\xc3\xc1\xb9\x1d0\x9c\x98\xadRm', 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) preadv(r2, &(0x7f00000024c0)=[{0x0}, {&(0x7f0000000340)=""/4096, 0x7ffff000}], 0x1000000000000220, 0x800000) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000015) [ 770.587065] memory: usage 307200kB, limit 307200kB, failcnt 4343 [ 770.594684] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 770.606338] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 770.613709] Memory cgroup stats for /syz0: cache:0KB rss:229256KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229360KB inactive_file:0KB active_file:4KB unevictable:0KB 04:51:35 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 770.672701] Memory cgroup out of memory: Kill process 14456 (syz-executor.0) score 1113 or sacrifice child [ 770.727859] Killed process 14456 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:35 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f50000005f3f000000000000000000"], 0x38) [ 770.788648] SELinux: ebitmap: truncated map [ 770.793837] SELinux: failed to load policy 04:51:35 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 770.909548] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 770.960636] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 770.980398] CPU: 1 PID: 20317 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 770.987465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.996825] Call Trace: [ 770.999429] dump_stack+0x172/0x1f0 [ 771.003074] dump_header+0x15e/0xa55 [ 771.006802] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 771.011919] ? ___ratelimit+0x60/0x595 [ 771.015813] ? do_raw_spin_unlock+0x57/0x270 [ 771.020263] oom_kill_process.cold+0x10/0x6ef [ 771.024770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 771.030328] ? task_will_free_mem+0x139/0x6e0 [ 771.034850] out_of_memory+0x936/0x12d0 [ 771.038837] ? lock_downgrade+0x810/0x810 [ 771.043006] ? oom_killer_disable+0x280/0x280 [ 771.047516] ? find_held_lock+0x35/0x130 [ 771.051607] mem_cgroup_out_of_memory+0x1d2/0x240 [ 771.056459] ? memcg_event_wake+0x230/0x230 [ 771.060799] ? do_raw_spin_unlock+0x57/0x270 [ 771.065222] ? _raw_spin_unlock+0x2d/0x50 [ 771.069386] try_charge+0xef7/0x1480 [ 771.073110] ? find_held_lock+0x35/0x130 [ 771.077188] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 771.082047] ? kasan_check_read+0x11/0x20 [ 771.086219] ? get_mem_cgroup_from_mm+0x156/0x320 [ 771.091075] mem_cgroup_try_charge+0x259/0x6b0 [ 771.095674] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 771.100966] wp_page_copy+0x430/0x16a0 [ 771.104871] ? pmd_pfn+0x1d0/0x1d0 [ 771.108943] ? kasan_check_read+0x11/0x20 [ 771.113098] ? do_raw_spin_unlock+0x57/0x270 [ 771.117520] do_wp_page+0x57d/0x10b0 [ 771.121246] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 771.125925] ? kasan_check_write+0x14/0x20 [ 771.130257] ? do_raw_spin_lock+0xc8/0x240 [ 771.134513] __handle_mm_fault+0x2305/0x3f80 [ 771.138939] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 771.143812] ? count_memcg_event_mm+0x2b1/0x4d0 [ 771.148493] handle_mm_fault+0x1b5/0x690 [ 771.152567] __do_page_fault+0x62a/0xe90 [ 771.156671] ? vmalloc_fault+0x740/0x740 [ 771.160755] ? trace_hardirqs_off_caller+0x65/0x220 [ 771.165778] ? trace_hardirqs_on_caller+0x6a/0x220 [ 771.170716] ? page_fault+0x8/0x30 [ 771.174274] do_page_fault+0x71/0x57d [ 771.178080] ? page_fault+0x8/0x30 [ 771.181654] page_fault+0x1e/0x30 [ 771.185110] RIP: 0033:0x430ae6 [ 771.188310] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 7c 44 64 00 85 c0 0f 84 [ 771.207228] RSP: 002b:00007ffc40f2ea70 EFLAGS: 00010206 [ 771.212598] RAX: 00000000000205b1 RBX: 0000000000715640 RCX: 0000000000000121 [ 771.219872] RDX: 0000555556e19930 RSI: 0000555556e19a50 RDI: 0000000000000000 [ 771.227243] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 771.234521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 771.241799] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 04:51:35 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 771.257237] Task in /syz0 killed as a result of limit of /syz0 [ 771.270517] memory: usage 307200kB, limit 307200kB, failcnt 4362 [ 771.294390] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x5) ioctl$KDADDIO(r1, 0x8925, 0x70e000) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mISDNtimer\x00', 0xc0100, 0x0) [ 771.317220] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 771.344268] Memory cgroup stats for /syz0: cache:0KB rss:229296KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229364KB inactive_file:8KB active_file:0KB unevictable:0KB [ 771.419656] mkiss: ax0: crc mode is auto. [ 771.432182] Memory cgroup out of memory: Kill process 14555 (syz-executor.0) score 1113 or sacrifice child 04:51:35 executing program 4: memfd_create(&(0x7f00000000c0)=']\xa3\xcb\xca!\xf7}\x17(\xbd9/\xb9\xc9\a\xe9\xae\x13\x99\x06\xf7\xf7R\xbc\x8c\xc4R\xe8L\x94i\x03 \x91\xee\xd0\x91a9I0;\xb7\x04\xaf\x7fv\x9b\x1a8', 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x820, 0x0) r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r4) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000300)={0x0, 0x200000000000000, 0x0, 0x0, 0x403, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d44c3edc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576ecc84"}) [ 771.462925] Killed process 14555 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 771.481654] oom_reaper: reaped process 14555 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 771.524631] mkiss: ax0: crc mode is auto. [ 771.538823] SELinux: ebitmap: truncated map 04:51:36 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 771.623183] SELinux: failed to load policy 04:51:37 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x101000, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000200)={0xfffffffffffffffd}, 0x1) 04:51:37 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2ce7726f08705f69643d", @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002540), 0x1000) open$dir(&(0x7f0000000180)='./file0/file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, 0x1}, 0x50) read$FUSE(r0, &(0x7f0000000480), 0x93f) syz_mount_image$gfs2(0x0, &(0x7f0000000100)='./file0/file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:51:37 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f60000005f3f000000000000000000"], 0x38) 04:51:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="00007a01000100000000005292d86bd1", 0x10) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc020660b, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x5, 0x1) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x2) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r1, 0x4008af23, &(0x7f0000000100)={0x1, 0xffffffffffffffdb}) write$binfmt_elf32(r2, &(0x7f0000000600)=ANY=[], 0xffeb) io_setup(0xff, &(0x7f0000000380)=0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000600)) r5 = syz_open_pts(r4, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, &(0x7f0000000000)={{0x3fd9, 0x32}, 0x6}, 0x10) ioctl$TCSETSF(r5, 0x5412, &(0x7f0000000040)={0x3}) io_submit(r3, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x5000000, 0x0, 0x700000000000000, 0x0, 0x0, r2, &(0x7f0000000340), 0xfdef}]) 04:51:37 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:37 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup(r0) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000000)={0x0, 0x240, &(0x7f00000002c0)={0x0, 0x14d}}, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0xfffffffffffffffe, 0x0) r4 = openat$md(0xffffffffffffff9c, &(0x7f0000000140)='/dev/md0\x00', 0x400000, 0x0) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x301100, 0x0) r7 = dup2(r6, r4) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x100, 0x7fffffff, 0x80000000, 0xfff, 0x10, 0x6, 0x8, 0x9, 0x40, 0x1cd10050}) [ 773.267184] net_ratelimit: 12 callbacks suppressed [ 773.267192] protocol 88fb is buggy, dev hsr_slave_0 [ 773.277292] protocol 88fb is buggy, dev hsr_slave_1 [ 773.282453] protocol 88fb is buggy, dev hsr_slave_0 [ 773.287566] protocol 88fb is buggy, dev hsr_slave_1 04:51:37 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = getpid() r3 = getpid() tkill(r3, 0x1000000000015) r4 = getpid() r5 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r5, 0x0, 0x0) r6 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r5) keyctl$read(0xb, r6, &(0x7f00000000c0)=""/100, 0x64) tkill(r4, 0x1000000000015) tkill(r4, 0x1000000000015) setpgid(0xffffffffffffffff, r2) [ 773.320841] SELinux: ebitmap: truncated map [ 773.325440] SELinux: failed to load policy 04:51:37 executing program 1: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400001, 0x0) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000040)) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 04:51:37 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f70000005f3f000000000000000000"], 0x38) 04:51:37 executing program 5: syz_emit_ethernet(0x7a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6076605100443a00d0aedcf0c873e0de977ea0fc95c21581ff0200000000000000000000000000010300907800000000772693ddb9b6ed1bd819b083600000000000000000000000000000000000000000000001fe8000000000000000050000000000bb2f00000000000000ab2000a3d22391f38c51109d9c6a3716d67ca6a33112310a907dff19"], 0x0) 04:51:37 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 773.554947] SELinux: ebitmap: truncated map 04:51:38 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f80000005f3f000000000000000000"], 0x38) [ 773.586716] SELinux: failed to load policy 04:51:38 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x40000fffffa, 0x80002) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r2, 0x40086408, &(0x7f00000000c0)={0x100, 0xfffffffffffffffc}) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000040)=@sack_info={0x0, 0x58, 0x9}, &(0x7f0000000080)=0xc) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x70e000, 0x1000020000006, 0x7ff0bdbe}) [ 773.685792] SELinux: ebitmap: truncated map 04:51:38 executing program 4: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000200)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000009000000030000008c020000000000000001"], 0x1) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) set_robust_list(&(0x7f00000002c0)={&(0x7f00000001c0)={&(0x7f0000000040)}, 0x2, &(0x7f0000000280)={&(0x7f0000000240)}}, 0x18) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000140)) [ 773.709692] vhci_hcd: default hub control req: 0e10 v0e41 i0008 l0 [ 773.725979] SELinux: failed to load policy [ 773.729965] vhci_hcd: default hub control req: 0e10 v0e41 i0008 l0 [ 773.747174] protocol 88fb is buggy, dev hsr_slave_0 [ 773.749559] protocol 88fb is buggy, dev hsr_slave_0 04:51:38 executing program 1: write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xfffffffffffffffe, 0x3, {0x95}}, 0x18) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x1, 0x3, 0xffffffff7fffffff) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x10b040) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @dev, @empty}, &(0x7f0000000140)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@dev}}, &(0x7f0000000280)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@rand_addr=0x1, @in6=@remote, 0x40, 0x1000, 0x4e23, 0x20, 0x2, 0xa0, 0xa0, 0x33, r4, r5}, {0x0, 0x100000001, 0x4, 0x3, 0x4, 0x6, 0x5, 0x7}, {0x991b, 0x8, 0x1}, 0xffff, 0x6e6bbd, 0x0, 0x0, 0x4, 0x1}, {{@in6=@ipv4={[], [], @local}, 0x4d2, 0x6c}, 0xa, @in=@empty, 0x3507, 0x1, 0x3, 0x3f, 0x3, 0x2, 0x101}}, 0xe8) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet6(r6, &(0x7f0000000100)={0xa, 0x3, 0x0, @mcast2, 0x200000005}, 0x1c) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc) 04:51:38 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500f90000005f3f000000000000000000"], 0x38) [ 773.752318] protocol 88fb is buggy, dev hsr_slave_1 [ 773.757337] protocol 88fb is buggy, dev hsr_slave_1 04:51:38 executing program 5: r0 = gettid() ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) r1 = syz_open_dev$dmmidi(0x0, 0x5, 0x0) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000000a00)={0xa, 0x3, [{0x7}, {0x3, 0x0, 0x2}, {0xfffffffffffff292, 0x0, 0x3}, {0x80000000, 0x0, 0x9}, {0x1, 0x0, 0x7}, {0x6, 0x0, 0x1f}, {0xd8, 0x0, 0x101}, {0x3, 0x0, 0x3}, {0x3f}, {0x1ff}]}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) write$binfmt_script(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="01e23ddf45f1f8eddb8ee3440fa2f84c99f10cc6297fa1b9b3853c784512634c060cfb6b72c3c922835d2b5fe1600c22b487813885e8f91b96b20dfeb2afe849ea9853c8d9e91b9c2643c120b9b0a292476e34309c522fce639eccfc2945538a58098348819f04cec733094dab9e723c64f124e7a00585742f2b3252f7110a9b8b84eae4843c25d3b92df6b39c1388b0ca93a9c3b9a612f7e8e6733b2552b1058bd30472de804602c6970a93e3cd250d2cba123550da0b0617a9c7e33db79d9b3742d3ff17b7879e96603c5cc5a7f9dbae3f6c24680e81480becd584575c776f222e9156223f0d5afd4ce9d5b613322620925752b947929f81160d14b1708a43e8c9fb19f19629b4cd0e7844a986728c7cea14dadc349d1d0e673f734fa618ecbd27492b3c2451f1d0e064957a5364feeea40d7701768c0120ba96046102a8422cdf325de49d2c5bb546c89a5d1fcebfba716bbf2f657c4511ee33323df40dbc9c8de8c16571afdc29c0280d5115e712a3391abea3ce49e4b4419268fe7ef7e0"], 0xcc) stat(0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000880)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x8}, 0xffffffffffffffff, 0x0, 0x0, 0x200, 0x80, 0x0, r0}) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x5, &(0x7f0000000000)={0x0, 0x32, 0x4, @tid=r0}, &(0x7f0000000140)) close(r2) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000002c0)={0x5, 0x8, [{0x5, 0x0, 0x1f}, {0x9, 0x0, 0x101}, {0x9, 0x0, 0x7}, {0x1d, 0x0, 0xfffffffffffffffd}, {0x1000, 0x0, 0x3}]}) fstat(r1, &(0x7f0000000b00)) kcmp(r0, r0, 0x0, r1, r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@multicast1, @in6=@local}}, {{@in=@loopback}, 0x0, @in6=@dev}}, &(0x7f0000000440)=0xe8) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000200)={0x9, 0x3, 0x2000}, 0x4) ioctl$VFIO_GET_API_VERSION(r1, 0x3b64) getresuid(&(0x7f0000000500), &(0x7f00000007c0), &(0x7f0000000800)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_submit(0x0, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f00000001c0)) ptrace$setopts(0x4206, r0, 0x0, 0x0) 04:51:38 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 773.974234] SELinux: ebitmap: truncated map [ 774.027527] SELinux: failed to load policy [ 774.082082] cgroup: fork rejected by pids controller in /syz5 [ 775.347185] protocol 88fb is buggy, dev hsr_slave_0 [ 775.352332] protocol 88fb is buggy, dev hsr_slave_1 04:51:40 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x7, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xcd, 0x8040) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000080)) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:51:40 executing program 1: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0x91f4a6) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000000c0)={0x0, 0xc4, "f30f5034ed78ab670532153cbd74c2a1214f3ca6c33141059681fd62c18a4cc5c913799c1e4a57907cdd53ac59c7a6525bbd4c68ae9cbf27690e9766883e0a9276f9f9f4cd9c2da340c85d52d885f9925cb75b788bad35fb46093fea591d8284acf2e92c018d36de5db928b616f730a2c159f4d8ea0c6c4cf8c06ebbd413f54c6bff17753bba0b5d6cba52541cffefd7514006fbb8b619addd84d3c9ad733f004715ab67894be00ca373014cd286ef15c6745373e3d4e0d58c96b2a0ede07f8f8636c86f"}, &(0x7f0000000000)=0xcc) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000040)={r3, 0x1, 0x80000001, 0x6}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) 04:51:40 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500fa0000005f3f000000000000000000"], 0x38) 04:51:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x220}, 0x0, 0x4, 0xffffffffffffffff, 0x0) prctl$PR_SET_FPEMU(0xa, 0x0) syz_open_dev$cec(0x0, 0x3, 0x2) creat(&(0x7f0000000080)='./file0\x00', 0xd0) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) acct(&(0x7f0000000180)='./file0\x00') 04:51:40 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 776.422259] SELinux: ebitmap: truncated map [ 776.440943] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 776.470336] SELinux: failed to load policy [ 776.472619] Process accounting resumed [ 776.477397] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 776.489401] CPU: 0 PID: 20554 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 776.496347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.505699] Call Trace: [ 776.508298] dump_stack+0x172/0x1f0 [ 776.511936] dump_header+0x15e/0xa55 [ 776.515657] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 776.520775] ? ___ratelimit+0x60/0x595 [ 776.524668] ? do_raw_spin_unlock+0x57/0x270 [ 776.529089] oom_kill_process.cold+0x10/0x6ef [ 776.533596] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.539270] ? task_will_free_mem+0x139/0x6e0 [ 776.543769] ? find_held_lock+0x35/0x130 [ 776.547842] out_of_memory+0x936/0x12d0 [ 776.551823] ? lock_downgrade+0x810/0x810 [ 776.555982] ? oom_killer_disable+0x280/0x280 [ 776.560507] ? find_held_lock+0x35/0x130 [ 776.564586] mem_cgroup_out_of_memory+0x1d2/0x240 [ 776.569436] ? memcg_event_wake+0x230/0x230 [ 776.573766] ? do_raw_spin_unlock+0x57/0x270 [ 776.578188] ? _raw_spin_unlock+0x2d/0x50 [ 776.582340] try_charge+0xef7/0x1480 [ 776.586055] ? find_held_lock+0x35/0x130 [ 776.590126] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 776.594971] ? get_mem_cgroup_from_mm+0x139/0x320 [ 776.599817] ? find_held_lock+0x35/0x130 [ 776.603890] ? get_mem_cgroup_from_mm+0x139/0x320 [ 776.608755] memcg_kmem_charge_memcg+0x7c/0x130 [ 776.613604] ? memcg_kmem_put_cache+0xb0/0xb0 [ 776.618121] ? get_mem_cgroup_from_mm+0x156/0x320 [ 776.622977] memcg_kmem_charge+0x136/0x370 [ 776.627234] __alloc_pages_nodemask+0x3c3/0x750 [ 776.631923] ? __alloc_pages_slowpath+0x2870/0x2870 [ 776.636954] ? lockdep_hardirqs_on+0x415/0x5d0 [ 776.641550] ? trace_hardirqs_on+0x67/0x220 [ 776.645879] ? kasan_check_read+0x11/0x20 [ 776.650041] copy_process.part.0+0x3e0/0x7a30 [ 776.654548] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 776.659661] ? delayacct_end+0x5c/0x100 [ 776.663649] ? __delayacct_freepages_end+0xe0/0x140 [ 776.668678] ? __lock_acquire+0x6ee/0x49c0 [ 776.673020] ? __cleanup_sighand+0x70/0x70 [ 776.677268] ? mark_held_locks+0x100/0x100 [ 776.681536] _do_fork+0x257/0xfd0 [ 776.685087] ? fork_idle+0x1d0/0x1d0 [ 776.688816] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 776.694720] ? kasan_check_read+0x11/0x20 [ 776.698881] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 776.703646] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 776.708413] ? do_syscall_64+0x26/0x620 [ 776.712396] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 776.717772] ? do_syscall_64+0x26/0x620 [ 776.721766] __x64_sys_clone+0xbf/0x150 [ 776.725756] do_syscall_64+0xfd/0x620 [ 776.729576] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 776.734775] RIP: 0033:0x45c3d9 [ 776.737995] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 776.756909] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 776.764718] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 04:51:41 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:41 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) capset(&(0x7f0000000040)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000080)={0x7ff, 0x10001, 0x100000001, 0x1000, 0x7, 0x4}) 04:51:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @broadcast}}, 0x0, 0x9, 0x0, "22f9d3da9cd872b99a270880185376962811580c5314b40800736d41e5eca0ef68dcee678b3edd08aa945357cdf84fc617d205e358e69cff8bd655f059b6bac0d17ff52096833f9c358bc0d7c9ece9c3"}, 0xd8) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv0\x00', 0xc) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000013, &(0x7f0000000400), 0x4) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xffff, 0x40) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000240)=0x1, 0x4) ioctl$int_in(r1, 0x5421, &(0x7f0000000100)=0xffffffff7fffffff) sendto$unix(r1, &(0x7f0000000040), 0xffffffb8, 0x4004800, 0x0, 0x0) [ 776.771999] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 776.779296] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 776.786577] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 776.793866] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 776.845151] Task in /syz0 killed as a result of limit of /syz0 [ 776.864791] memory: usage 307148kB, limit 307200kB, failcnt 4403 [ 776.885722] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure [ 776.907045] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 776.914587] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000063055a10984c8dc11bd4dca0000000000"], 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'i\x8az\x00\x00\b\x00'}) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f00000016c0)={0xffffffffffffffff, 0x0, 0x8000, 0x81, 0x9}) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000200)={0x0, 0x1000, "d8e2392fd7253683ba122b01990d5cc1dcb47e9310b853f0331f1bd14bec5c63b70f4b9557f49ae10d54ab6fc55648a3129a89586b9afbc77765fe5bbe4bb69bb12afc85c2cac4b4a76860adeeeffa350790d1f58485e1f50e3f52db42bd2a0e2a03ad387892fc13cdd957bec1c6cd9ef14c1d28989b2b93031d0e64050a2fc53bc0fc64efd244e3b0493ada261c6fc29174240fb9fcdabc701efd82453a594b27a950a2ee54120f8020d9ebd1c1256e23a79f64441e9cfe18bed0559ffaf26b0584563a4d63cd0121de978d0222797ff903bd212f8a6c2b634744c8f1c3e6c527357bce77f6328e79545decbe95b6c03d364fd1d3e4c13accf5e5eccb35f1a65b56dfbd936c5f96004da1c4d5ff970f3d3ba3c47c9def4afd563076582a8a3a15890e45396213103d9cceb79072556afb1e97899fea6b94db0122489c6896100165730f52fef6b223eff0ac91b992bfda9c841a084677b69ed469eee3cc4cb45ebea7c92626473be9e7295f488eb6ea7ce6d8c12ec4fefb2b421511ca1e3387f146681c1870ed6b99ffd5c57db2e8b398056d70a3ef1a5a8e18d285ba33c0e3c3de47aaffcec24e10e402d2621bc6effdc79731217ddb48d7f0b8c1d1df50a845985aaef3db505505e9c0269a67c5dc0d9578d46d7ca674335bac8cbaed02830334af402f57f5c06db18020747180cab4a70e68dfbf15fb4d89516833928e8249fd0dd29e35f5607b8e1dc1b6d05c83157d1ff037f7aa8b7d5e3bef65de845feb4ef9f18ed7a752f9d584906e6d511661d4fe7b4967046070b436f87d37bfa5e5672bb757ca662b8c4f22ef3410aeb0334a363e4d99c39d8fb684eaad1ffa6ba214cb5b403eca31c8cad502fc3f8e2969dc51b78179177a5a05b9744ba4f26ef9c77b2fb6c8a60b50d7b1da6712c245217a9ed4b7133765d1985b9311344e9ade958b303b67a4c1c2efc5c075b568c87394d4cb30e1c4d18e63c044908c29f1f3ab0010c41e91a8222eaf79889e7d42f562c1f3491f6e5472134dc631c92c009c0af967a7b26057bd6e36d2a829b094f82843693c0a1466df6b34c55acdbda8740549fcbcf1ce951b277422295801b12ae86252f03a340e1e4ce4bcbba93b61076cb76d5305f9cb6915ec3e12df5e7d62a970297bfa020b993e9e76545432784cdca275717bf67db4cea1f48e33f7fcdc3539ff9c19043320713bee2426b709071207caaaad2fc4ea307a5aea442f37a645d848f82f89c888f8402e2d867aa3b277218b19948a551728bd49e7a10fed8c91501a19215d820d72204e43fe23c4ab958af0d3adc65b54c244ec4da3f4293662b09376b21e43952bdda88dc16ac7861a5efaf2771cadb8b7c309d24677a5d7cb6d2ed5c21abdeb383f7998bb266e885e7fd963378b075448d9cb79197dc5050a7a9d57c10dee708ff3f105690d73733fd34337ff58254ae13d96e021bdbb6f0b376b7a973aa586d4e946017a01474a8496552e419039f7df737e23818548f77f4025e9fa792c2715a1a72b146362b112e99f8071bb70bd195e13e8d51fe71f5a458234877744060536d4871cb640faea08d835927980c23e33f2be81a9cc8726033fc15538ad232520e0386ea41b86a037661fa081839d0c89af9b7e9ddc77b0f36bf31df5fb0a4d213b81a647f555b749a8e4804ce9d12f62555ff1af560ee1d3d78a974a5611d9adf20c470e963d02bef0d241e4e60d6b2edae81bebd3a3d7d1df740af276b2712c0eaec4b4716c52fa23f77bce6a959d13a78c5a0148e9273336ed9b9c5c9fafdceaffc7b35c5b903ab504fb82cfde354f68a76e318008470b0324fcd0e6880b25ce230913b0666f1bfb890b405dd4354e71e57fbcf6aa0b78e0759c96034d45a5a44850822253f1e7e7d84951369a5ee849d0dba85c8af57b26a994d79adcf1dfb9e0a57d94ec69570273031c936b7b28602c88cde1295c3df91369a098cca6fbee9bfae3b1393e935645bb21a2c2106432bf97ec07c4f6c9b26122ab1ac13c83dd04cef7e9b91a2664e6ea9aa9c9ab42af6e78a3232a8fb7e5c1e8b36d5b0d1e877b16fbb66916ac7e84b95b35878b3397373b7fb5dc164ab71f5b096ddf4e995c6063be9d4ac563eb74ff5f0a9f70bb13afbdb24103bd6d144454fddcddb5eb56a5af1facdd741807e4b4f6f11fe49b298ef3f0eabe0b24b168223f18fbbcdedc2a1135b79a6642fd7b40a9899e4c14f8159bafeb7bd49ef0bea3c92b9513afe62d0cee455429e5db1700a4ea4b26111ebec616872ccd8e3ea8e538c2c68e50edb2dd4f1b9b5d38b32502b9227c1a87bfdb9e60ec9f23d4d19aaea9a36754c12adb2ecf1866c0b26b3ba3a3987840251f702143db3179647d51bee748b863b78f4722f99e1aae964a241c936834204f6bb223b51744fe9c5beb5d2ea1af007fc9cb25b99e0e3367ec773a6876ac8effdc0825e382dd6c556ed3bd667e5aa86c6c05db570556137d6a57a0dfa67a69fd34dbfe3f364e3d30560869fa6957c1ab3dbaf6b207f94c655195913ecf0c3f0a4b4854062d8eb14ca29e2f0a07caccd6a8719d8a2dec7dfbf6f24c094c832a96c7f815e4d98f6c46b7086eb75cfbca5ac2bcc90c1b3e76f7956c8d0e5ec8a9bb3b412f54d86c8860d276b35c4499281011e6712272186782933a2bb517f715f7f75ce35e5863a7615daff6e9422da1e8abc9ee4ec75cbb1f5eddda0b7dd9b5c6a7a998247a23dea12708d1a7f0dd1de46e70f24396cc18603cc7a3f582a7a0ad886bf07e849395d440defbb76f5913d9301130b8a1809c00105e08f09a1cd761ac529906e3fb4c2c7a5517d3351da77d9ad6ecd61cc071c39b29f45f298ebfdb2b03f2e31bfc20c6de8d03bba0e3fd460103d2e8f85175a21741a312c41499701ab65d1adc97b031273a49ff9adc2ac78662430b70433b2fd05bf9649293fe630de4f152664437351b52fbbae99a1d86f72ab6b32f9ff257bab6677857ccb7de0a7f6f0a0fd9ab8b3bea6a69eb13b4ff61eb60dc324c848f45876ca47c2835519e05d65be17d3d18eab67943b0d4d6f22209929bf9bea5a5dc9d5980888e419afd4678dac99bfaacdd02a606a191889cf4b397dd79a308b9b828adbbf316ef3ca234867a70635b5609210065bc11f78e6066bb0b1ae2cc49f943981d338ae1d3b4ce711d58c5556d9abe07ac58efde013cda22b16ca4adb8671ef8af4b7542c7edbb19c7079624ee155a113d178d454f224efd90fdca926aeafb206bf0c03269f925b8ea2df6edd08e747045c2c494633c3f6ffb2910fe9ca961a3bfab29db06d0ab46c5e8dc99a9038dc278bf3aff6a69e93bf7a979c1a18dbc31a23452985161f669ed026dd0496023b0d1cf1877f498003177035b3ffc20cd2839752b1e0047b6f28e6be398262d7491746f48ffddc33b8f04485e79330b37c0c6c7db6b9eea38ee6b2a65045cad4a55b67b53e90356c7539418409290196a1004ce4a4cc4de24086f4a0104db306c85f1551b2600221456f893d7e6ee9034d6185dd209efea44c4136fc24329f9f02cdb4ad5728c9ca31c397913e4b44b75ca84850db685abd4ff9cd54a45d5c038c5e98d695ab037e0ffb0941ff661b6b85093e4b73aceba12cd8224929ed348e6b290c5039a627a2add5a6bc9f7fe2e97650a629a2641b6d64653f7753c79f2c135d8dc52a676ddbc82628659a034d2f7ecec067e152b6e5bcc57f3c9409f2e9078d2853199995534de623e7710e78b043675e6698991aaf61b0e0eb48d663769ccc2169ff2a4628bc162d2a612698226d824086dab0cc2b58ef5487f94948506f1a961e46162c8a1eb1e0a1dbdbf1315c2ad823331f383c6d2626dc4cbce7a84d4fc17834aadb03f003abccf904a629d11011a8b6dc505f9703776d0f0d1a50a7887ec34c42bf97cdfbdd215671fc75270b5698c6f70d3147de6d474c0c2b6f17b6c150daaaa3942b27840de04fefd6df4b8ff7ca5fde5be5a6f13ef760082b71e0ca5dc459b34761ee864f0dc9716e103e61aa6d64e30ec47351fc13692bd3543bdfa409c621bd887b3f7a42da397eb71804e1f1a9432f78389f9ab48b58fe43503794ccd387a6becc92186332a9a4ffb6892b89b93bf0d1e0b582c479f5cfb49f8397bcdc5d11af2441e0c5137c8da2977ebf2a5c250a851aa3f6b5016f7459e975e07d715f5fdac376f09212151b6a825fcf936c358328fee8bdb661de2c3e692c5fa27caf4b43dd6beadc1ec9ca2bd492736839263a2cd6b1d54f5bebef41180491969300195fdb896f003fb0865d0406257d2af63e7e80922d771146a1d08eb08538fc63726a896266704da2dc7f64ab762d288ce41b2fc7a45b9346a825f4ad3267dc8113bb7ed47fade073559cf7bdeaecc30dff98a8daaa71ad58743bc4ebb8d3373f24d26c0490475820787bac9cbb0c647371a755cfe3d7aeedc5dd4feeaa9d0517432a718a9f00cff6edf771abbb31a884a47ee105cbf597c114ddfc16c2d1a15bd9c6789d4502b7637c106ab9360bc839b176ee9ba5a8543f8fdb206ca9268837ed20bd704e0a0230ee431a51674334671c2549f01b0a950b1c9882e5796938bf73794ce659cc2f1221838cdfb4e8cd2c10fc24b8a4c13f8556865d4e819dae61e25059f1230bd78e4971819edf5262be5908b46382a858802fa0f3124c4ba9a504f05f327e096852a2cca8b1e3946128c0a89165af2367e5e01c30ecd010f82c8cf7c6ecc0a8f1cd17b8379d540ec82c281722dbd37cb8411ade1bcafa3d9c5adbeb65ca212c7e227f8f826db2bfd06877033fa3409c72c7382f3d0d7765b008aea93b53a023b775cd115d47b90a6b50fcea1ba071ff08fb78ceb1df7014f4ffe6830520138576f5d1534f967437b4a0205d2874a0be2e8ab7a7f00ec2fc2d75c23cb668ee8fe1d2f697e0125e4279b7a025b04834d952f0743e8aaf2e3acadb15d8c762534db449fad311be6f22952991542edfaad3b1fed6b117248c8145decb454e158db83dbd27ee051c68edb2a8e6fcf450b6246b4bd832f7721c50a1c2892c7fb50594bd63eaa200b2a5b8713cde03d91ce8dfd784810be908546043ac7c9e047c31bded2211c4bea4451947325953b9ac2c1c84e11e3fbcd933f71ed18c03a081ec033d4e9e1ed441381523dac95c8d9341427310030e300796bf1352d30065a6238e4f5f369cdaa32a9ff29413ce70dfbf437a6fabb1be9faf858b7f1c7bbe9b4e62625e98608c9ccc3322e4889f6dbfa1b0edfb31a63ef869bb66e9728c51b8cc08de96f66444ab0b277faf2d180c9a308d7db7a046768aaf6369bcd211a05f4904c030e7f5ea35e0c6bf6f5a06de8357fb0ec927f6e9e480108e7ef019f173e252373e0f317a4d2054caf755a9d0f3cde1f7bd98584abe42f115afd9a47d425ac855599ef2945eb540b7bde7d31c9abf9a9fc9fc7d977a1bee77e4a62aea32d917f1f9181debade1218c54a8a156b93d714343b87f033031f37b2992b354dca803aade52afce9c2b96a577da3067232a34835cef8121208cd1ca38db289f0b9ca99515ecabc023ac07e7d3fb647614c98b742f7b7779bac422cc7f9beaab3188b1108217e35f129e67b1a3963f57921806a37d3cb42b86da588dfedfee599edc2fe36d7ab403e1a84a13edecb23fa2554ec016c63361bc00bb301e48687bbcbdf8033ac90d8e3f850ac466a6fdc2224e51f0390fa9c55a5ad5b6a5f25f26e218def0e01c679d6e1c44b0aecc189ea23200ecfed60f403d395dca8d340c12cf8"}, &(0x7f0000001240)=0x1008) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f00000012c0)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000001280)={r3, 0x100000001, 0xfff}, 0x8) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100)) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) ioctl$CAPI_GET_SERIAL(r7, 0xc0044308, &(0x7f0000000080)=0x7fffffff) [ 776.928008] Memory cgroup stats for /syz0: cache:0KB rss:229560KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229660KB inactive_file:0KB active_file:0KB unevictable:0KB 04:51:41 executing program 5: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x800000, 0x0) chdir(&(0x7f0000000380)='./file0\x00') r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$UHID_INPUT(r0, &(0x7f0000001cc0)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0x1000}, 0x1006) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in={{0x2, 0x0, @empty}}, 0x3a4c}, 0x90) sendfile(r0, r0, &(0x7f0000000240), 0x2008000fffffffe) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000080)) creat(&(0x7f0000000000)='./file0\x00', 0x0) fchdir(0xffffffffffffffff) 04:51:41 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/76, 0x4c}], 0x1) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) readv(r1, &(0x7f0000000440)=[{&(0x7f0000000000)=""/12, 0xc}, {&(0x7f0000000180)=""/187, 0xbb}, {&(0x7f0000000240)=""/222, 0xde}, {&(0x7f0000000100)=""/13, 0xd}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000000400)=""/55, 0x37}], 0x6) 04:51:41 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 777.059898] Memory cgroup out of memory: Kill process 14570 (syz-executor.0) score 1113 or sacrifice child 04:51:41 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000080)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r1 = dup2(r0, r0) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r3 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r5, r4, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r5}, 0xc) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x1d, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003400000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000086eb027c6b269a9727000065040400010000000404000001007d6bb76a0a00fe000000008500000026000000b70000000000000095000000000000006eace264330a0cbf6e08d472ca3cb9c3fe2e8a1dfd9dbcbb79d68e19c175b61a266a284a7fcd49ab4a305bbea8c1e07ccf518f886c53a1b9cc77998fd8125976bbf8bdfd00c68e87e2db2a037814122b5da1512081fd8357dc9876799b3bead00ed0e5f8554f9f5b34d3239dcd753aae6ef237b219488b43d269db"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r6, 0xc0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x82) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)={r7}, 0xc) r8 = msgget(0x0, 0x20) msgsnd(r8, &(0x7f0000000480)={0x3, "92dd3115fe86b6a3e2f28306a736633e51eb4a2e6d73ec511c41f61517ad857158064a0c0c0c424f63f9d52a753f86488404222bd05ba83d9f64c0785210d56ca259c264638528416ed7dbff3e3944d59df6096fc38d0dd3b42cb10c4df31b2751c6725150b7e0566f1f5792e7fc7d584ae53a18f361c81dbdbbd6ed6c96cdebe923e8cba6e8c86eb99f71819952ea807dbb1370c03090ba34638bd53cb9332c9236e37da6f906eca118fb4e87b75bd6c1396d90cfdd86066176c3aa6f3d652107d82aa86e2cef94eff6b3520653d18fe57b"}, 0xda, 0x800) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r7}, 0xc) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 777.122933] Killed process 14570 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:41 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x1004, 0x0) mount$overlay(0x400000, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0']) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000000180)) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) [ 777.216410] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 777.245736] SELinux: ebitmap: truncated map [ 777.257530] SELinux: failed to load policy [ 777.278017] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 777.286227] CPU: 0 PID: 20561 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 777.293172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.302530] Call Trace: [ 777.305124] dump_stack+0x172/0x1f0 [ 777.308766] dump_header+0x15e/0xa55 [ 777.312490] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 777.317606] ? ___ratelimit+0x60/0x595 [ 777.321503] ? do_raw_spin_unlock+0x57/0x270 [ 777.325919] oom_kill_process.cold+0x10/0x6ef [ 777.330448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.335989] ? task_will_free_mem+0x139/0x6e0 [ 777.340583] out_of_memory+0x936/0x12d0 [ 777.344575] ? oom_killer_disable+0x280/0x280 [ 777.349085] ? find_held_lock+0x35/0x130 [ 777.353173] mem_cgroup_out_of_memory+0x1d2/0x240 [ 777.358024] ? memcg_event_wake+0x230/0x230 [ 777.362354] ? do_raw_spin_unlock+0x57/0x270 [ 777.366765] ? _raw_spin_unlock+0x2d/0x50 [ 777.370919] try_charge+0xc4e/0x1480 [ 777.374645] ? find_held_lock+0x35/0x130 [ 777.378726] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 777.383578] ? get_mem_cgroup_from_mm+0x139/0x320 [ 777.388428] ? find_held_lock+0x35/0x130 [ 777.392497] ? get_mem_cgroup_from_mm+0x139/0x320 [ 777.397355] memcg_kmem_charge_memcg+0x7c/0x130 [ 777.402027] ? memcg_kmem_put_cache+0xb0/0xb0 [ 777.406529] ? get_mem_cgroup_from_mm+0x156/0x320 [ 777.411380] memcg_kmem_charge+0x136/0x370 [ 777.415626] __alloc_pages_nodemask+0x3c3/0x750 [ 777.420314] ? __alloc_pages_slowpath+0x2870/0x2870 [ 777.425338] ? lockdep_hardirqs_on+0x415/0x5d0 [ 777.429927] ? trace_hardirqs_on+0x67/0x220 [ 777.434259] ? kasan_check_read+0x11/0x20 [ 777.438504] copy_process.part.0+0x3e0/0x7a30 [ 777.443009] ? mark_held_locks+0x100/0x100 [ 777.447257] ? __might_fault+0x12b/0x1e0 [ 777.451328] ? __cleanup_sighand+0x70/0x70 [ 777.455573] ? lock_downgrade+0x810/0x810 [ 777.459738] _do_fork+0x257/0xfd0 [ 777.463194] ? fork_idle+0x1d0/0x1d0 [ 777.466924] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 777.471772] ? trace_hardirqs_on_thunk+0x1a/0x1c 04:51:41 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500fb0000005f3f000000000000000000"], 0x38) [ 777.476536] ? do_syscall_64+0x26/0x620 [ 777.480515] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 777.486063] ? do_syscall_64+0x26/0x620 [ 777.490049] __x64_sys_clone+0xbf/0x150 [ 777.494039] do_syscall_64+0xfd/0x620 [ 777.495591] SELinux: ebitmap: truncated map [ 777.497849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 777.497861] RIP: 0033:0x459a09 04:51:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r2, 0xc0485630, &(0x7f00000001c0)={0xff, "27eeda1ce831e40458c99cc16f4ae8ee0b52c9c2ab038c0fa80a24eb1a21dc1d", 0x1, 0x1, 0x1, 0x0, 0x8}) r3 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x100000003, 0x62f11d241aaef1af) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r3, 0x8008ae9d, &(0x7f0000000080)=""/195) 04:51:41 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x80400) r1 = dup2(r0, r0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:41 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:41 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500fc0000005f3f000000000000000000"], 0x38) 04:51:41 executing program 4: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x800, 0x0) r1 = getpid() tkill(r1, 0x1000000000015) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000100)={{0x2, 0x4, 0x8, 0x0, 'syz0\x00', 0x2616645}, 0x3, 0x40, 0xfffffffffffff801, r1, 0x4, 0x3, 'syz1\x00', &(0x7f0000000080)=['/dev/dri/card#\x00', '/dev/dri/card#\x00', ',@&nodevsystemcpuset\x00', '/dev/dri/card#\x00'], 0x42, [], [0x4, 0x1f, 0x4, 0x5]}) ioctl$NBD_DISCONNECT(r0, 0xab08) r2 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) [ 777.497875] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 777.497882] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 777.497896] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 777.497909] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 777.502617] SELinux: failed to load policy [ 777.507403] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 777.507411] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 777.507420] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 777.544757] Task in /syz0 killed as a result of limit of /syz0 [ 777.621930] memory: usage 307200kB, limit 307200kB, failcnt 4429 04:51:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) gettid() dup(r0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x20000) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) setsockopt$inet_msfilter(r2, 0x0, 0x29, 0x0, 0xfffffffffffffe4d) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) [ 777.638448] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 777.654678] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:42 executing program 3: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r2, 0x1, 0x0, 0x0, {{}, 0x0, 0x4, 0x0, {0x8}}}, 0x24}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000001340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80008}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x68, r2, 0x400, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x4, @link='syz0\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) write$binfmt_elf32(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c46050604ff010000000100000002000300bf000000e900000038000000f5020000040000000000200002000400ff0f00000000000005000000080000007f00000008000000060000000000010040000000000000000100000001000000ff01000000040000b80000003f0000000000000008000000e7ce78550f99702ab27883cb06d1a93c7f0d066799cffa901d9945d2ab188b9a47603fd20f51216e997d99c612f9651080713e9afecab2b4c1e32ea46277ef4246994ccb1d38ff53ce3ee5279cda6b318696b7089b35cd909869a381e80391824b591ba083934263e95cd8132903570552145e95d245eaa4e1ce354b43475542f1a6bcc6feffe422239682da9860f77d88c23504615ad3e12ebb31b163c1de80cd1d8cea117426e29ff4678c1f143a9ffeb46d98c3d10d00e348a2418d08b4a475d43f90670d948b899b791fb8bb174c2dcb7c2d0841ab359169e269a60d745ad0dd8636450987a2679217a801fc389d8e4b2a51651bd4ad4d005aad2feae322aaec9bfa29625d8d8c52043ef61c57888992ee2c5dfa80cc78e8677f7fea9f7954b8041c15c07ce7ee5983a08191b8e22e7f3911af1c971d9d353f9f421422a77ffd7bfdd8a15ac1cd8e00953e112b82a8b3e32b0ad2bfb6aea4ff1e952daa48b88df82dcb45a40af5ba717cac9071bd71df491254d69a9634784253fe3f2bc0a471996b62320e47bebf22904d5be3247e521abe254eee04d1b03c7725315b06328ef141359e0f3fbc5d619d37d6f62443e69fa18001b26fb13ac2a8da546d0629bdf608cd55a299ca97c663abce7cef3aa13a177e6893100b5e7ab54c3a19a8a15c077d6373a9128248edeb56dca4e4ee2fc20fbb99b2aa78168017e51a444927358af5b72e9cdffea44434f460746644f95d9378086687aea5c1b3493608d3a1bec605635404a22adc6c49247e123e60253d9551a752a25c3d971b7699f7c19ea80855a72426c3da545cb9bfd7b13b8f4d75d00d721285744611cb9c10bb6701b6b94bc4dacc50d348ead1caadb9459018cccb3c1d6613a37354378ea6f6813de31ee3101f884e5818a7e6b5752e6e073ebe65896bcc6fb51d1ab615d6fdab6590619ef624a1bc43b6d8d8519063e29de9968c77032ea8a860de49a1c958417e5e862235c3649bcc8a4debac3259bf1b8852c84db7f9846800e20aab01116d96f6683817638ab6a68d38121543b7a26ad66069d73755d8ceb4fa50ac355d71027b1ad384e27b519fe0a3a02c1fba42fd94ce4dc6c52f8028a0e6d23da804e93a848ac5a10d93f02228c57a6e6182369e1deccf460f89950b0d46125798d9e31be65b839fd84aba3574e69817af36860cc9fa6e717cd274c334018ba4a3f95c272b489f336a009ed8788408e8f39944faf0e3174645a644383bc769bc69270dfd9434e18bb904556c2614d5c84689240077f4ce00a83c268397b7e9fbd81cae6c823c9606e42c9afeb6b359c84058a65f49bb6c70b6db506142d46d06fcd91b6f961762d21c0d24631adc8bda1387ca21c770dbf9cf5a98140edd4b2bd8f2fe30b5f4b5fb5cffb8438a912f658f258fc0b0b48e8705675c66e2045e44714aea305c189607e77612352f523226a25aa057a11d9ad436512d8b61887df49926e400f49c9ba3695ff918ee0491a0ba983f8b749c092e341d9f4f9cdd12b488092492a69a4f42f0220cdef9f89ceffc7dc713ddf6171c5183c2d1b68bcbb35bf95ebc97beb29d0e5bd0180869f5ec18093e5685bfc1a79af2af44992bce3ef0c63a02c0f5466c4be7d121a584ebe8cfa788323b2a8589de5b619204428a6ec00827cc09cd9bf2266b167adf5177c0ad13acfbe25349091969a1e00f824f6a83a85a5c199480463d06ae984b149e1bbf4169333c61547f392fb097b7516a32d095c5ad3fab80fa811eb2b0bbf593c15a46fa3def1a7e20c7ccb5d55e41a606633a8a20224faab329c2aa123ebb56efa753e7d4c7e98f99368f1f721379f3fb7ee4d8ffdec4525d38d21db7d94d35b04e58416c53bcea539dedc7fafbf8af92b2272e35f4adb36cb8ebc42c88aff3556c2a74faf20f718697c8f0c0d849a5d24c6d7f432db17bf998a222a27456b8eb6d9ef6f28ae58477cc8f8371fedaa79ef10243c2e04a60ce3b8a15d80a139a30c1266557ee8f3c56f5e1f3de68b7dc84c1b2c36f8ebec95ed49990d5799d593aa54715f0c6783e18c59a2f4a7c6bf61ab9093bd7448186b409b7411965186b4303c8a24a3f30dbc5ec823ee960b5d10842cc3ffe681eec0d848e9bd7ac8d1ab0bbf5963ca10dab2936a8a24a67a4f06cde08b27c798621624d62ca6b88b809e75e0999d4dc8ebf608e7924ede7acc152c8c2c37deb29bcaba65af2394e9f53078249069f6fbabd22b7d0e62c9525780da24d89f66108b746525531528c2b5e3fb842e8dfe98234b8d31452a631e6f3649f565bd113881659fca9fd20130a70472cedc52160c785b14ac52e832bf24b5212519eeb8f2589eed6c6a77276907b6136308db75eea7895ecdadab1b51cc7223ae5b80bf13ed22c7802bfecd704a7d80189c6a166a5da1ae1966a46614550b4330303adaf78154d7496b337b471580e23f860c096052920a6b9fcdb4434565b0a3dcb6340869c26acbea4e46e4c9ea0afcbfe7a28eda7ca68e521a01936fcdbb8e2c19f093d00d2954c23819cdf649e808a0494d0c28f3accee43daeed8228d90b966b3695cd5fd673c12700286c7809432f6ffdf40a9f5db57f2a98bb8d1249c47f6464af0b43f406a80a12129e6d2549d8a7811df287f12072a8f933331c17943620a2e94355d7b7e27916287d59bb8872a22baa2214ce81c1b11990606ef2c04eca4e6b225bd84687d08d060a29aaa53bef1a77a7926db9ec1a26b25232d896565816412563181b0076261a971334daee0ab1a63c46af569c298357cd6f34681ccf352e19e73bd0339df9d1930be532af68e9234f0e1dcf807b1125b10491166ba410bf7d465abbc9106eede6417826f94b9f37cdc92079f9c0c9b4ad06053733a8d39f24c7b63f9bb9a3d7271a123ced388174855c56dc4979fed92f91ea8bb614816567799f20e07a8f2591b25553204a6e34421c17fa5267225d38e0a4cd3315e1dcb4e2d84772e9e37a6688c1932839854f619ebe8e2b5e8461296c5db061903fe334275e2dc73b3489d1a8fcb13173e99eef5c4d69f6c0e3d23d99e5e7b05164b764ec8a7db566ab0ec0e883832a45c5ea3d5dd8d6a95132d496e45e8344a1ff95fc0cb7b0cf04dcdc965db6f71444f0499ca2a46d3573848550d118aa97ff33331bcc114f289d5a2a6c402e10ca22cbbd793e938ec8764d2e96b420ff11585b31c22c7a7846a7d418dbc467a9f1e192b848dc03f856d4722b6019efc3b7b86f8c6a95594c68b74114223d2e91915a032140d2d12ce3f1cdf8e27a4a4267b83012c95c95b20fc4c1145a11c16087cf84e40771e52eee94cdc48b425632096442c806ace80238a94bec4733dd54b4e594cc596b613a61748d53381216fdbd18dd554c8af380b6452c7abb0164fe09be9c68e6d0e6325b6618b6a2aab4831c6809a6eeb5c01e80f6e9404a46dd1557be457f56c291f9a85e1228110aad02e79ee4c13e315480e0cb73c141cc2e272ad5cff22dfd3d3a59c8480ff8bdf1ed27c73e33af646a96d65b9bf1ef0c598b5cb3a95557ea5dd300422dca895f007ceb088dfe1951752b6f457c5748386f66f9b241abcb2fd656827d6a365bb45abe021832b81b50e7147e7cff094ea4f4ddce695e9bc309fbe575ec1f1e7366a53b60d6881d187cb314baedc36104c7acf9ab40eb7f20e72c163d10fa8228fb283d14987ef22a523dae3f4d72b41603795f7da8ac10913726d1d3025df8f24c7b10fd98746d4a4ef4364e9d52b1a3573cfab51e4c1ca58d2b128b1403e275f1c6bcea9baa78f80de4dd7aac5bc306b02275b3542220ff14102b399b0a523f1a04e39bc888b0e2adc53c6cde566fecbf8fef752c9d3d9f7c9fc76ab8f4197c1b04659e4219b8e56f235101561d9fecde5157ca2dd99bc4e419dcc17b1e31d2680349ab40fea31ce23ab2a0f2cb4bf2381e7ca21a034b96b4be1eddd1dc0f8bd0a55b6f59f08402bb7f02f251cf6abfce2c87f3024fda574f8ccd01ac7a67e4491482d0167b5ea1876f6e3c84014bbc0b7b8b080c5a2535b6ce420682ad9b9b6f62ce1139c65690951a2eb740b7de3e5a8482a178d2ce05c72107ed2506b5ea838f991416803610ee0c6b00b9c59c653c9efeb20e3e2eb79cb6bc666166af57655701cbd9786dee0614eaa77f2b75c7a4d06b7aaf16fcdf3a17491042b308ab08f8cbc19f9b560e43d905c005e465c3697b7960fef09ad7d05aee19c22ad1536d75d50bffe7ae928d764e53d39fc50fbe767a7e54e4c46d788b9b6ab844d35ffb6f58411a782078da3bc82230c1e0c3dc00616bc36209501fc9d9a76230fca07328e9e0736bcf69cdef83eecfffc94cb63a6da36f42be75ffd3363135f133c556a47823f4e14c33e2ac407656f454c5c74956a0aaafda6f2e6277fc3aad52c0d77ab1076f449b9ea294fa220956cd71e1e1e02847858aa15e9732516f5c18b542c90171bac787c2d3959a6688f800a1d0097ba82299f6eb5c4ee2f31dd2324f79f77cc2230305dba1480797e5825ddb7d9277fc4df263961b2aad6999997da375d42dde3ec51a662ea7bfe530d3ea2f8cdbfb29ca91e7d12f41618a8989f410c05d80d5156c4ae9cc16a98b6c73de3890683af3581c8d3bcda0016267b615c6d66b510618cdecd24245f647c67b4b83827112ac633b7744990575532c92f0fad8bfac29e48454a7155c36a7fdd21dbc30529e168da0fb4bf9854a4cd2e97be0200000000000000da950e49c4ec5ee0226ae6ea60d80b6304dcf6dcb8498d6bcc900f4a79f5dbcbca9d1037ac7869f8adf541cdb0aaaeb504cb162dbfe18e29e174d513a28db98462051998420da1bd6e1dabc03b1952ec75fa09736d0e0ec59c652d98223814b7e4aca8b76f4698e4dbb04ff791c4848cc99f34e9a35812dbd4e3ba3a1c2948308b039d1ee2177c7d838088596b10ccae1972694e4ebe6be7dbf25f011ba00b2c5ed9a422b4015ff30afbf1f8f034413e7a0787d0ae21bcb339f9224046bb5fa9340a847708ded8dbaa731e6001d159d16e99b6648facf26547c4e32b247c949bb1d9ec57b4782566a7642109b2a8f5c2502036608d2df258b32056e9dfe2c3388c237e92deca7e92a5abb9a2d848185a0a944cb9cd11225d9618eef792e3e09907c15e1ae9d656ca2cd3a6cc809a8addc76737875abc42712a3c9448046da04a94fc09022dbb755a8d884ef906cd75188296682cf8554af627b59feb0f50dc90173a016fe3b35b6a3a31cf38431fde069e0c2b6b614473a65b87c0c5ecdb7e6eb51941557f0f2f30faf2e63fb375d45d19fe29b414a3a2d1a91397a305e38cf9e87219d1decfc989e773ace12abb0ec1f14c08d6ffd825569281c713292191fc52fa810529d3fe738d6079e7206df4c15bdee11e11a0b90f39ec51014c5377bcbcea970971ce4fea32077780d442f9a690c8f194f054ba316c7f71736077569284bab8ec27ca107b5f36cf8b6aa7b67f138c3aa40d3f27ecf95abc1a2fb7163d7f6af8c82082ca5a85a843b52b495729295f1790e319e6035526954514c6e4fc328bd2b7647c970677541dfd2213225fe3e9a1d731c47ab96c4a124ade8a4f50ad90df2d1956366d610ea000c31ab4e16c0d16b9b8701e27fa497c492d1feaa9a3ae43d8e3ca3d209b9c5570709a918239cc4700360d3911a5cf0588cd6cf9366332966bc1b66010ee55d4d3bd57d002f3f1e586e0ec9465ee140ccf1a3e72f36d9903771d00"/4463], 0x1178) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) [ 777.679535] Memory cgroup stats for /syz0: cache:0KB rss:229668KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:229652KB inactive_file:0KB active_file:0KB unevictable:0KB [ 777.742790] Memory cgroup out of memory: Kill process 14689 (syz-executor.0) score 1113 or sacrifice child [ 777.753132] Killed process 14689 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 777.786168] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 777.849229] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 777.882804] CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 777.889695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.899137] Call Trace: [ 777.901737] dump_stack+0x172/0x1f0 [ 777.905379] dump_header+0x15e/0xa55 [ 777.909115] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 777.914228] ? ___ratelimit+0x60/0x595 [ 777.918130] ? do_raw_spin_unlock+0x57/0x270 [ 777.922557] oom_kill_process.cold+0x10/0x6ef [ 777.927077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.932624] ? task_will_free_mem+0x139/0x6e0 [ 777.937136] out_of_memory+0x936/0x12d0 [ 777.941135] ? oom_killer_disable+0x280/0x280 [ 777.945644] ? find_held_lock+0x35/0x130 04:51:42 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) ioctl$EVIOCGUNIQ(r4, 0x80404508, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r3, 0xc0385720, &(0x7f00000000c0)={0x1, {r5, r6+30000000}, 0x7f, 0x5}) r7 = openat$autofs(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x14d114775de95e04, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x200, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r7, &(0x7f0000000a00)={0x8, 0x120, 0xfa00, {0x4, {0x0, 0x3, "a11fd9bb777ed6d2de013aa84c1780812dde64019c3679140f98742d991c188999137e2c0c273c01ce5ee4a98e9a5f9621977495adc63b5e42cfed5f869c9b9c3762653da39cff6f836d3d8c2f820218e7f36d69edfe4f612f003ba171580d5d229a27995ec89a2ae6ea35537a994f882cb14b30ea1e81f4ffce42d406d795b1667439abc3912178aa17fed740c80915b5df43ad2e40db2e0c07023314ebb582148f97bf4b7f329a3f160dfa8dc19707f955096b143bd08da435072e87ba883dfc7fec35c82353166a54e432bd274068adc33e99bed553bae5b0410241e3d969c47980bfb66acc42eae3297dadf62b3f5d48f2bbbae626416b7f89ba77f540b4", 0xb9, 0x4, 0x0, 0x2, 0x100000000, 0x1, 0x3}, r8}}, 0x128) ioctl$DRM_IOCTL_RES_CTX(r7, 0xc0106426, &(0x7f0000000b80)={0x3, &(0x7f0000000b40)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r3, 0xc0086423, &(0x7f0000000c00)={r9, 0x3}) ioctl$DRM_IOCTL_UNLOCK(r2, 0x4008642b, &(0x7f0000000040)={r9, 0x13}) r10 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x8b07, &(0x7f0000000000)='wlan0\x00') r11 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x2, 0x10080) ioctl$SG_GET_PACK_ID(r11, 0x227c, &(0x7f0000000100)) [ 777.949749] mem_cgroup_out_of_memory+0x1d2/0x240 [ 777.954604] ? memcg_event_wake+0x230/0x230 [ 777.958946] ? do_raw_spin_unlock+0x57/0x270 [ 777.963362] ? _raw_spin_unlock+0x2d/0x50 [ 777.967526] try_charge+0xef7/0x1480 [ 777.971257] ? find_held_lock+0x35/0x130 [ 777.975336] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 777.980275] ? get_mem_cgroup_from_mm+0x139/0x320 [ 777.985138] ? find_held_lock+0x35/0x130 [ 777.989481] ? get_mem_cgroup_from_mm+0x139/0x320 [ 777.994371] memcg_kmem_charge_memcg+0x7c/0x130 04:51:42 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r2, r2) ioctl$DRM_IOCTL_GET_STATS(r2, 0x80f86406, &(0x7f0000000280)=""/91) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x40, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) fsetxattr$security_smack_transmute(r3, &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = getuid() r6 = syz_open_dev$amidi(&(0x7f0000002880)='/dev/amidi#\x00', 0x1000, 0x800) ioctl$DRM_IOCTL_IRQ_BUSID(r6, 0xc0106403, &(0x7f00000028c0)={0x800, 0x8000, 0x2fe9, 0xfbd3}) syz_mount_image$btrfs(&(0x7f0000000300)='btrfs\x00', &(0x7f0000000340)='./file0\x00', 0x6ec9, 0x8, &(0x7f0000002700)=[{&(0x7f0000000380)="fabd3a08c508dd91bb4ce1aaab52385bd4", 0x11, 0x6}, {&(0x7f00000003c0)="5a28b2d417e28cec75747b7bc320a3e40c8f013e6ca5a48802a7a8def799c5d32380da206b640977083cd60516f5ca247313fb9fc559b1da5964f3f9a50f6ef62e50fbef8839f3de501fa1c6af69da8d801dafdb8eba4576ec62422b43a5cc7fede29d872da8ea36a6e9fada4efebc97c8931934f052daed266983d1bd4a52499ae16f4483f31ac478162c2efac213c38bc7f50e8cd22304c5eab9e6dbc683733a7378eeb33cd061f2736b88da07d1278ac4462bd13f8762fc000d03cebad1f169bf7e951a81f9fca8961eccab5a261e68eb68f1196058ad14c425bda6c2d5caae0ffd714f6326821a6900317277bce2", 0xf0, 0x4}, {&(0x7f00000004c0)="58bfa0486d38d5044057fb2479128b63a362f0ee4a2d", 0x16, 0x1000}, {&(0x7f0000000500)="9e24bd2f2554f7a1720f19ced08b6d6f471d259aa698870a158569f85c039fef26c571ea31a29ac8383e9ee054ec8d119dc7e3f7ec75205e1ff7452969f0b498e7e19f69a40a61b17ae3c178f8bbe05c21c31666158724c5edd347c6de6ab39c166cfea120a2b3ff4ba850578d6524f62bf347cf21815afcd8a944196ac01c42331759a97486068d6774beadafbf68f7f1cefa", 0x93, 0x2}, {&(0x7f00000005c0)="ba8f4f4b2d2ccf5063005bfc1f4856af302cf9a992f7b563383ef6aabcf7377ebc21ed5e3a51b165a36be9d88f82da343e19fee9c937c3b1b3db7701756ccc2c4ca25271b17e90e89232c54fa1d83d5f8657c3c3977ddb4ffa5f285517dd069c545ebe6552063f252f16e46864132beca7b1ec376bdf11c5fd3790bf76538cc331844168bce4441b903b8d6a572d43ef098ab8f9d69d012182abf3f7aa7859f48b808a003ec66c710eaef093f4764f791ff7fd80d240855c551ae5672b04968672c3b7656185e4246abe440d21ea99115422e749cfbd131fa8d5a736987d24bebb4cf653bed6d184573bc8c791c8f306fa4008f2f910218436fb7023f0e11be8916d893d7aad6ddd313c79884335b163e758177df31762763a5edba9fadbdf1e424a60e9fc6ce4dbccbc10b3f40e41d15f2b6570525515297cd099e49ba34666fb33278bbcec3c899b6cc253c8f9e006a0c49006ad81df835bfdbb9f577300c723cc8294031edfd74f0762f70fe8ce705cd3f3d8e74b02e7bc4ee28fc28b3194d710a20698c48d268a23f536824b1d3bd22ff591cbe2675e85916c00e11410287cda61acb3edf6c0c1cb192bccaeb9b1efaff99c8ca26ace61fdf81d3e97f9ed0b5b6d38137165428c7a6fdc099d13af55424e25d5a8a309be1157cb1737700309b0258638f582850ada7741ffd0bbc39e103883645b9db57c44b0e826b0c0392f6330bd8be1f1c0eedb06d1d46ac4dd618a29699a9c71834447c49e4e3108f82ac5c3ca190a8361175a018ea945843075d0af85e027602babee3d6ab0ccb785ebc9ec82b3866c6fd3f0569f7102170413abf38f82adbb36d8e10a2b853efd9b96ef10be327dd14383b6f9dbe7ad2331f31d76158bb882181646b21eef46668b9149312d2998b1a552a52772119dc06fadd6f96b3d5c75400102256ba34f776add25a0a7105ccbf9914ae00ed81e7496803f9df8298e3cf11fea213008d34b0e0fae144ca2cbc89ae546665d306a83a19ef893d9172537627a1c3ae52f9661443496ab0a0a19c433454c7baff95b267a8dc1a9fc2439160530fdd122ba59c446432910774ad1ccac636cd7a55e752ae0302ce403fd103e46dbd34331d56af136a018f08aee7ec0db428954e588e8425d1b110f92882d2a2c37be91990bcd043f7c6b246d5bb1abb76773b6cf33a4d3b2c6f4bce592d50aa36b431347808deaa9729ce96d3df08aec7352694e6137a1e5f3ad6d04d595f30ca15f60f4b7c7cb667b540672816f944ed526faa72c3018c6b7f7ba84833fc22e75eb89c3155703bca2d562b65879e511acc456ee648355182e6e2b4e29f0df26f74cea3881d9e6976302d4a11709668cf981e23119d743a7e10287fc98a5b384e9c7d529e961fe5bb140fe2b9da54bc1867053bd314dd13374292877ed71784ac4b14c5dc30a83a354ef6e5de91bfad8d14a299ed0740ab4f53dc69d19b49f2eaa5c89163d5862363b9e65f7746253cac14baf4dcfe91a4679ef3dc63391887fed9a546c1df9eb4b0d409848880bb23406af009069c790a250b5ef88c8f96627fb185cdc80f3dd0215f6b147c78495f87f7215e8b1446a4c349b068309ae74cf3338f0b87f6a2fcbabb677870f58f60a66a3ed093a3bf741362adae69ae19b3f3d1291aa73e4b6038fa37a6d0aefaf951ecc8bfbc52d5b17679565e56313b0bef2b6efdb2c621eec073f2c5dcbfb3363dcf128d2e5a40adab4da185f5999227cd2aba0d1788062d5f11330b195494a0629103ae6c6aad0ab32abac3c8713e54dc3acdcf60ca9b7af5914d138d3b86b0995a5c0257c37a003e3f2e798ec250c19c3f27b32711b821a620a896868e14f847410baba80c1fa002fcf777d1dabc5cee7fb30dfe3302e4edd25f947e0f7c5cecb69494ec74473790db73cbc819f11e332d8d1bae92d0dd4cb612c395995a6ca93d3bebb51abd30d2ffaf9ae5705ca71ccc2a3eb53a27b0a642526f502c98ab758881e79a0c2c74bddba4900b439852ec9f73cf9d73e7b74ac5b983698459902b3f3e2c44e46967cf74c890c4214921ad932130c88b0d6ceb35002a2d5ee0023105c045112cd481299754401f3bf07d5c23ce5df99b10a862fbb4d9acfeee8f7a2cc52cd02904619cdac97b4f05777c0f1b3d34f3eca667380956105b66d259211199a417962c1e61d8463fa28b3df63567fdd41fe62cf0406b793ffa252b1069ba5249409b5c3631de906210e1b65384c4a39a41c7e1dac412dfa1422686d4c3e3ab9612db563a278059ce7b95842897f17c60d584be7c7697c1525d77c78e22d5b76a12ef4e2021191fe45eef9c450261de9fb13b4e10fac94f26e11aacf8cbc7c0f72d46de9f5f9a2eb59878b497751adf53b728c0ed48b7502d20b666e8cddc988a5c068e0cb299be4612ffe6d951b0fd062b72b49ac73a8935090d80d118cef1ac551f3fc0b69b9d30c504abd335b011584bb4299f3c911fc545ae9ca6d78b046201a91f241b109a2e77c6b2d250a3477c6b2b894d6bd4719a1a39fed968d7daf997c9ae1cd09e57ac518662b184801f5c6a4984ec92649e22ff55c16bb547e51c3e6093d84de1e17ec98c4ce83b13b779c156c8bb5764e9b9b6b59228f488630004eed2a4f57ee69812808b630f81b30c50ae464bdb7493e70a02561d72f3f3d4345f94fcbb95014014ae4953bd5a88de8bdb00e440d9afa66273e7e3960e0d869bc0eb510de23120f1ad678b688ed5cf3a203bcc61af3eacb514c5914e09bfbbc7fe6061b8cc73284711c49a065ae8471d3cd3cac2c55d53ef7d5c80168d9ca210d8b3978a76d57ea555b4ad9d430da6e68ccfd613090afd6d6da0115bc797bb646828d77ae1211b08ddf179365b5a91e5e96059f9c493f3a2c156de018ecf8c60d49358c2246535cb636bac7c8a189374a5368941e0c8850b318893b754d520894ecaae73e6a4bd6eefc32d8f83a5eeb75f08f6c402bb8e7da80bc71500409792d5c8658610e028bf3e31913431cd66ecab460aae4b9f31fef4d9ac74a925caa27cccb81411a4367237f89b8570d813ba615fd55824d4fb754fcea31e1f93d979e80142b2e14bc08828d76cb839a84f4e8d9baf63ed93834788722b7f1414f89a906a634ccb6dba42493d6d92ca7a8540867ae6f98a1ed0a00eaff76fbdb4fb265b5d04e3d2b9bc437bb25ef1f52d4ded6ef9ae50d99db689525e80756e4a3afdb52c1f7031be936611f5253c2b1b4ee43545719ecb0e41d16fc6cf55ded5b6a863f612f3a81aa6f399aab89f0e84eb0f157f5a835b596e435c44847b6e366da2b465ed24ef218d99a714ce53d8ad20d4b2edf73f83abea5bfb869ab893f5a797d67324076e213355208a6c6a5c7cbbb32c233439f7bafa62be079a790f2b55308ac826a905f7e0c851a66e2c93f5900437595f1cb244938c3393bdd36a9d06745e399dc749a3ae87b22809c6d5995530429368b79c9af2761a41cbf52b39ad2e2122912e5a75b603d2eb71bd221065a6e0dc35d7d0b277bca866b051969eaee4d573268c0ada238ee9625d41f89c40d6374fadee83792c202b6f486cff7bc91ed8b0079091fa8f53f0ddc70f4b2d845b29719dceaeee73a82ba3432eebe6e34d44970e3e11e35563a609cd1a3e15e2f38c3eb8e8410bfa145029b1362ba0a5c3b2bcf9d158da0ec407f9e1d779151cfa728a88f62fdc8eeb39c86095fb8401890d9a58d860aeb4c85d74ccf60335db90f8306cf8ab61c404abfe8beb39e8dd904674f558af3d866dce6a742481a2affa77140a07619af32240f56db301b48eeeced5dd35c17fa3834f612331795944558d44fd9082d8115683794d0a176d2c2af8a8198997c55a20a7bb85fdb2922658743bd0eccd8c64aaed7f602ae2ecc2e26398f0578c1724afa533ec2129aa590034bacb5b50f64f634d9c707cd5d21628e779f29f2a44014507881772054eca46ba8823e524154207c62c5cdb1433b814c59cbe593c5920bce599361da9713769b82b80984ce29354039d797adf393c4e4081129b920d5f75d6bf1bb663699e14bd611dd36f0f635122887f4011b402d216920acaa4c34290e05ef49ba14a6836de7f2923e6a270148f2cca9bcbb9de3f871b24150352555daf548d9a7014e7f30fa0f840b21d70e2a252e5e25aef4554606438f928ef24aa371f593650229931dcc61560e1bbcbaf19ea19b72720e12ad8b15c6bc1b62d31d0ffe3a976d320584e2ce20134922808383224952917c2b1109ad4e6d4be44c6414babf42072f0fa3bb2a5b2ac2f936843531756be302eb749d28214feff8df19b575356062b0258bc40219f2a1cca1b96c37d42bbb27cfb794bb67e5ada2914f347d97efb79ea98e10b649f0ba415d91395eaccbc58661cecdea78b6270717cc660df6217100f738dfe7fa604be3d7ad52f1c1b222c8866c4b501afcdee63543ee987ba6d960f3c43a450b9a9287b6e44238de0829487acddecad3b173c16161e5c3708a1bead5a7e40037520fd76a577609ab93b25e8aab00972412ac0d188ec942a6ef777e9c7eee95a68d5b7da5e62a7b544ba61bb96dc359e760f96842923e6d02cfd02b1d95b35a9f7cd85bad9306ceb1d82546366cd3385813ecb0fe672bc56a647c90249c52aa23671d7d095cbaf0eadb8af61bfd018f877225fa2e2c9769480a00295bbfc477304ed1046117ae8517ab33255fb00d5c9c954744d61d72cc13fd4e21ae1275a38740acf7516845362bc6bbe5c4e21e152f0a63053cb0cffc7147705589ad7b82a0881a1e3bf0936edb5442d48e6ed808d99fa06033502fca12159fc7332fef89a25c51ff629808bc4abfe25bad4c9020d8d02d9d550f77a313751ca0e3fd86e74fa2daa9019b397d71631edfcfdeb80dba58270634d5493170e12d93a961bcddcd1508e2204115bd44c130a49f059e9b40f2c1848babd6743568f12a88a05f55985288fab1345fe729be6cb4248f48f5abd4a12e35a2dcdf75b327a477317b584479ebfada249589eb1958d2d72ae0e23db25968217b514d55ed041e13e75e579da22fe0ecccce33dcbb1812d6e6d58a334bb0a4227016e81d84dd38aa427f2d70e5b8c8c85a40bc1fa4797933b8bfc311d325f95c6623057833f5ca89800d7940f104998972e1446755495bca27d59cd28f81fa38f166c8cf3d0468605271f1fb7b6b421aa08803f5ce3d6e7ec7ea566f50fee24f9715a0ab015d8be9bd03da1193128a2f8f6e246ed8fb7d6eb0e7ff9d76a9f27568a82f9ee3631518afc5b36e063bfeb486c70ae492a9b400f4b1d7daacfb3d250fd990641d222369da4ba935d2797868cee4b47d5fb06cf7666b33070c13e95c96f8cf7244a9425b098f7f47baab0c86abac87732811b15078c8a06af0870388a4663b796298f450c6bf8670982fff4f4cf6a599fc08bd8bd64145b8960a72722a3ad102ace636a88a4175060ca75d37283ec8c142cb14a57e7ad7415d95b630f41fab209b359d168663e22a2e502f5516560ee0032a11c88b0f94ec65ec32c621db2a4f687ea51b8e9e05eaa394e212e6767e74026364196eaf0e8743c042608d6c9b0044f0eb80f36a72971c484f4b94cd416666e7226e08d332e574984e3bff8be06bdf2e852ae9338887b895e5e309d68384e1b7f283f0b89e520f676f4ee350d920835adce3ef7e54342bac5ed52ecb23504678cf70fafa237a636fcf88e071f72a99ff93697e4ebad6e2b515849513693290247820131649d86ec1e0e2cfdd1c69a0bcbb120d5696b6", 0x1000, 0x4}, {&(0x7f00000015c0)="37faef61ff7931", 0x7, 0x2}, {&(0x7f0000001600)="8b26915eeb2cda984090bba7d112638f6e600bc5f07fec49a83add001407b47ce8e7434521d7be512c5770dbc67d0bc4796e0cc8f768a094849672aaa664acfbe4213df926e2ac371c45d9fe9454b7e5677b558cf118d2519b47b65228cf9402523b0ea7989b20f33f0c889ca0498c3f7abe23a440b77b45bc15a4b66e9a46755b3171a27c821424e90d22c01d43f336b53bf8acff85051709b2cdd64ad2a5c1894a1845f5e2b31abe52820fd7e746a85df2d8a4cd46eda4320efcf5ebce7625aed2628d73d40bb78cee9e5ff704e0d026166d44517dec3180d42b7e2dc5b24c96a53c28e5c68550136d7567a9dac1af1355bdafc4e43043b2b0f8b61e2ec6c81ecc7012459897d1f3aa868990da3e8bbdf71ef8c91f33e6ac2aed519fa184a838b0bb145470c7a7f5b4c088ad9b7bdd8d9a38bb0ec142afd930e0154101f66e5c6ebed2877ed939c483e5bea14bfda804a2ad143b6c9b42418eb80339665664cc9d23dfcd661fdef8f97fdf90f190d7ce66e18c2270dd7d89f63c7cbc4c6a277418d5aa0822e2aa96ec6aba0c7c7a499f6dfafcb2116f7a101bd4439c47925bb55a56864b0570a9acebc4b34dc846a825ee6386f4036af6da00b30f7c72e78b984973cc0f40de09ec825991c32d34dd0cd0406b61a6b97f50db299dead76fbffeac415778d905a4c665b73554b14a930488292ce0841995b782bc59b783fa4509f038ad2e19195cf011862782427e0c41ee3d6b0d6913fa41c23267fb8705d78b51609c4684f6159cc2af836509d314cdb1d1cf2b9e483568d5979066c9041b9949ad4511a578b48281757e76ecfea0759468ae3387f70b577f2f0b7fcd5989cf950199401504dbd3fd358a159df5c5c5d762145fbaafc718d5fa94e6456d79be11ac0263e0c20ad4fad102fac711e39681e0cc12a8b766410896101fb8785f6bdd6620df5e488bbfe91a6998542dfad70ae6489f1d570bf1623ded83e1cb99e43395fc2214f7a903639c545908b26249bceeb3838b859b1f9139c82b09a2900f7d73bced75caa38d739c46e1de0e24fbf75840dd7ef10e56943c0107f972d3de1dcd1f0f939fd7e739919340fe2c5837e29406f31cbe4b6aec0771f5f8682ddea47bb13f1820a0e8e021296bdc582beef996b11932b576eac840dd4917566aba0ad9b796b0ee5ca3de3c406a2779177157f8712a42e92a657a3894ac3cb51d6de6a7ae47ca59ebb5dd09bfe6bd591680ed8ecab974fcb106c14fd42b99462e7580ebb7852661a57cd95ea72f6222fb13f7cdbac4a5909b3ab50f1304f1356e515553674aebe27cea27c7385c1d617c0219f2a18c7aa1891978ed53cfeeb8f997fae9b3aebefb50057141cede13b899ffc5bfb76dff9281a03fe058a0c330277a1e66f6d666361b87894b4544a55342fd097a25ce5defdbbe61b7388e743ac37f527da3464d279df91b4889ca4ea297c141a3c222798a79d79a480e062889c4a1abaea446d226abcec47eca9f2ad674fd1f0fdd57f998717b127e0c01db9c56d72f500f8b1ed77cdba1fd948e93ab5af3e336ba3bb045a5de5f37f4c4646c8208a904278b439eda3beba1bad62b49f70caa51b4175ac59aade8440547eb95e568e08ad44eaf8a9973b644b4deffae13df47501655cd5cc97a1369c571347ebc44c03cde603c5a121cb03386000391ab03ba0387ef42f639fc19324606b5a6301203b332b6915674864e0202f0c4b47dd1fa0f496d5e861426ff0528144b8d77ababc723982f09667c7242db20b1a6c6a85aea799f8ecc77241e9a6bfebd05bf20642a598416e8afc4d9ca4f8cbb6f11cd659a1dc19d5918003709cb6a95e786ca563ec6d71a228ddc74eea116b88ad3818f5f3230cc6d453c078ca9d442bbe6f271dcfd52229c26e4175960eb0f00974d30702d8d7c2d2e1018a3058e00668977c002464eda872dde70f377f3f0bca4649cb0f843498f09c7425d97b33e58279b885b91cd38faae7acf11b0e19f1683deff92a40704257461b3938dcc3469681db9fee7c7442affa7b754d3ecea4cef133c3267204966c08d5444dfc3b521ff91aa684a52482dac1705d818045fcc261ea0ce6ca7b3425c35d5232d9c36f329febcb1946fcf0303ee85a7348a3646a06e78668bc928cb441b8b8547cc561ff81bfcc23565810ab79eeb56f6885f3908d81205b6d3259f0128b22c9a3e44b5060cb71948dcbded5e894206e7df232fe74b8a0eabc5699bc3cdbdcc8f6546df04f1e886359866e7f4ce884dd14f2884b9ef6c96aa5a42fd5b889b4fe8d425d27fe9cbd4b67bb519264958a26e54309827cb1b8325bfd8545fc8277ef99f7db55e501341f7ca69f45dcd450dfcc289b35647ab65b38b65a976c1f8dc138b7df6eeb22f0e1dc3de8001165f472120788f5c4b547339970de9095fdfac1838596c54991764bdaabf23a2ac2f0f1a0b0cad2da9e25e80a517e2db945c0a200399453507a8751d1b324cb513798a012c4a4ad2714fd30762cb987e17574a186908f28b61ab57c7c7243be8f44e12864a5e0122b21e83b1785cba06d0d0315cac2f8f4b0b8b45bc48299926502ab41d5ef2c286011b0087a663d2135e8f6b1a336c9adb9312aea6dbcfd017350f98ed400c0d885edc6125c465dd0b1368f34b8e55e7a51d19c61ac043f2c23452eadca34337a0e583e99653d4cd195e53240d033cb7637e0ae15a3fe26631d3b7c995b1295037eeaf4671c338ae306559eee13f7d6fa6c723a9b8d5288c8d8e1a58c7228c14441f225d9b99f00d9119ba64d6228702061d4e9ac1141f3ac87952569f09f5fed1f14910a70639c8ebe40ac6c259643448b505732bb8a0c55daba60cecbf1a1c23349a4c7c2141a7ae68a607563696b3678c6f369b4b8ccb40356b2b3603b6f805c7931278102ee5c83d392ed53c6b5d92cc1b69d5f9a608d20ca9e936bc7856aeecdaf8ed6f8b86cffb73575154511cc043b2b06f56a966c09905c3f5507a0d0953fa9e78cfa614eba3bb5765435f0428842011c7a6ce1c7cf6695f7cabc85dc0b722d0994060441a7461ec2821594a4357ffcbc6534133575c643b0330332302ee8db5a7c3dba533eea0462edc912e411f74e5dfd8ab2d7db8b22a3e0ac4365f135ecd04fad3831428de022dedf50cfd10f4d8d851b31656e9bc28b807bbafce22a073599a697e03f0f84bf61cbe534ee43341da10fa979530f207884c0dba7cf41ab9ff916216865688b99869b609cf5242b70f5ba242be0db0c728cec5f2ffbc00a9cea835952a1fe28464906f0a911d2c51bc3734d091f74c543ae2e99907752b9b0eeddc829d2e16caedcf01ad5d5661f7131fbc4099498675849c9e248d0f17b9123bef277d18e31e2dfe43056eb4abc1659c0b8e093ab541a1c34482b74708d28a2361d5ed4d28c60bab3a13684cfddf19c3d9869444297e4b1ae3e04b5f57867129255591e6c77e6e70ca0eb7159c34907694f3db43878d863be9198c1e8099a944b6b640e6abfeb993f1695479d9798e47ec95b86613baa6712595f181f98a2cac1fcd74aa0ec92cf5be1e2ed803fbb33b009a52baba8efc206df541fd2ba40413bf2bfdef1fd34606bbb3829f9ed28f271defa4a1af50db257dfa28f1afde51ff68335c787287eab0d1cc0f4d56c1beede3fe0f7d76818d598e41fcdb2dd358f6001fb59bbe0ead9e17324e0de95653aeb23a2d433b028907ec25e2f7a3dd1954c66aa93f50dcac1a4f05b0fc46b3059f07305de9431a21e3f648cd02c623d29481d3cc42698b7e0d21d64fd2b1ddcc302c33e197365e838401e9ff4344ea4fa449a882089c7ad39d36a424fe0fc7dd1b90e5ee97aabccfe97dd362b2b31404378b8096979becd0e63f129ead30473f776132adaa4528a981f0b221774a72b9ee8c06091a533bdb00bc68ecf04cbfdd6ee07629d9e511f95f18c00cbb8daabf8ee13489f200e96a8e4eaf14b6e20a7cb0403ce3b01a5ddd0a3d1bc6e06da2cd62aa311882a4dd3ed1317b0a1dca882f0416bf1d18a12a8ea55f9feeb0c1b05c276ce6ee08c86d9e4baddc262f1c08e4538d9550a7a2475aba58932669c6e8e7b5c53990b5fcd46c3f11bb7825afb339bb9684785a0779ab710d4ec2b0a5155b3b3532503f6da8aa91ee8866f954835a076413cb1896a36e67a6294c7a6dbfcaa8b2c962f861242e85315f3f603b57090be5e3f1087e211671c2c3b43bb82203cd430dfdd2b5d8bb12efec880d7318b10fc694ba4cd93caf1568f759a680ba6ba14d4e7fd67051d4e49559fe1e5663359374204b33999f56bee007c84477bee902c4715df0575482c46ed0d5a9ef1e215382bd78107f872454a7dbcd954f8b4f336680228faed3f0cf739195a059fbe9b9f763982b3d4a4e636622fc04a7f7354ed28b692be1cd204cc48d77f1ab74ec5dc2bea1a997c58d0c41efda51d4211ba37e8b856f7be84d166eda32c43b550f05a56adb4006d7f9ea3a3aad280301b3a2eff3fdeae1f2297c3d1c9c187263023f3944afc7c1fa0239d2ea6394cdac795a271aae89274441859af53635d0c16e7de3e00c9efbeb2b1aaa1357e33e54acd0768e2342e52a3b667773bffbeebdc10afda0f641ecd7bbb25bbdef4e3046ac32e292d724d8574ad1ecb7c90a834cea97d52ee6b635f4d5d5cd959c4208a6087f3bf729e7ad6c3d8c630405d80b54da79e8b30908ad273d0098d18289bdf355acd3195413fc506d63664589fddd8f03b065142a67b75855e0819408df1312e975c0017dec66184b0bcc531349c4846615c5fb654e3dda2d380dd048059c6a03cd914cb0a1920153dcbb55a5bd5b51d15cdf613b9fcc59f38a3235bb9f6708b7ba36bdec7f1d44a92a65455777b03306ca620c0b9e157097881c2bcc5dc8cf8a6f26284d77345f45af16f91a7f9cb1ff07f077c151d082ff9a18c05efc1db87733b773960872672b3dd62339079678104354eee92bbc909b48b4392465104af8f63c4ee064ea9768aa3ac2b743d18b4e1145aeab6ec746bff1fa383137ca4ef59d60372647da637907350df6d79a11b1ed632dffa709c4ddff501740bdfa0e221d87e685bfe0693a2dec20def6a26e021b418d652d50ac66d65bc0eb09b7483050ffe5ea9bb98b3cea397fb35f4349a55e960b34168bbcd72b1294978a08ad872a8723ebbca3bf9f9b09e37a3823bdbd858a0a5c3028b655fab788ebf548ab8438dc01f0ea73bd28671bc7d5149b51c2af1dcee82aca6ca70f4d6249fe6fe582d855cc37ed6b35bc5b16931d77d2b42c4d2dc7d1e43cc26b869ff04aeea0b8547d9275e73c3a1d996d754b859a522cbe1c9d93b49ce06c516577834b3d08491b003652d8cb1de50dd965515196c8128a323bec15a15eecd03b949d5684ef4be5752bf437d2b209cb59e6306d02f838ccd87d6cd52232067e241b8cf0352c46e1287c8670e5d2442a547210122e7bbb191fbe7d2871969c1b95eadb6e0f3c4fa1e5ae19b23e849a7d528d24cb6f55a2df057fe59c208f8e610a80d6c2bb054bc8e155c0f3e283c9493a30186ca2dfe2266fdd902c98e4e0bf376d8b6c372c786a909ede1d5981961abc404186c8844c5be94c0769a842c99da9fc24a7e92784c783b19bbb4f421577736260ac0d82d5fa48d3ba1b75c8996eca2c5f98b9e2d582be99dd6963e6909f27dc45ada63f721433dece15b3952da8cca330ebeda30ae6f4d98a12d2e08997b7aacffafb710e137d0c42f0ed3bb56e290432ae1a665381b05b88634a01a49ce634ae1d", 0x1000, 0x9}, {&(0x7f0000002600)="460855b2a3e41a452d8bbb6f6c844c137448895d435547549386ae3c89361665b12c766e8ddf8e9675227974b2566d9ee21209ff465657a11e409a8a60e79359877984438c788bbf5b95be4a3f403da62d77830996961776ad5cccb7392c0f5568fca660c8995270d666b10100ad55624f0c011e0eac574c820ea62f94ac1e040b6e06e76c757c2c4a3d11b59d5bcf37a322337fb4d729af84ea32cde35e8fe6b2460b1a418a08f9ebb4bb0aff826cbf77be35673577ada697bb769f5b0dc8f60e921a3c8b57afc83af651c3aaf135cfb88970be94c4937945863e65b904c3c2b4dd3e8898e51af4cd6ae1f3e6", 0xed, 0x80000000}], 0x40000, &(0x7f00000027c0)={[{@acl='acl'}, {@nospace_cache='nospace_cache'}, {@nodatacow='nodatacow'}, {@subvolid={'subvolid', 0x3d, 0x5}}, {@nodatacow='nodatacow'}, {@user_subvol_rm='user_subvol_rm_allowed'}], [{@euid_lt={'euid<', r5}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@hash='hash'}, {@dont_hash='dont_hash'}]}) r7 = dup2(r0, r0) r8 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r9 = dup2(r8, r8) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) ioctl$EVIOCGREP(r10, 0x80084503, &(0x7f0000000200)=""/102) ioctl$TUNSETVNETHDRSZ(r9, 0x400454d8, &(0x7f0000000180)=0x8) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) 04:51:42 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 777.999050] ? memcg_kmem_put_cache+0xb0/0xb0 [ 778.003580] ? get_mem_cgroup_from_mm+0x156/0x320 [ 778.008429] memcg_kmem_charge+0x136/0x370 [ 778.012667] __alloc_pages_nodemask+0x3c3/0x750 [ 778.017958] ? __alloc_pages_slowpath+0x2870/0x2870 [ 778.022987] ? find_held_lock+0x35/0x130 [ 778.027072] ? copy_page_range+0x124f/0x1f90 [ 778.031491] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 778.037050] alloc_pages_current+0x107/0x210 [ 778.041498] pte_alloc_one+0x1b/0x1a0 [ 778.045346] __pte_alloc+0x2a/0x360 [ 778.048987] copy_page_range+0x151f/0x1f90 [ 778.053254] ? pmd_alloc+0x180/0x180 [ 778.056980] ? __vma_link_rb+0x279/0x370 [ 778.061098] copy_process.part.0+0x543d/0x7a30 [ 778.065742] ? __cleanup_sighand+0x70/0x70 [ 778.070002] _do_fork+0x257/0xfd0 [ 778.073464] ? fork_idle+0x1d0/0x1d0 [ 778.077195] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 778.081957] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 778.086725] ? do_syscall_64+0x26/0x620 [ 778.090710] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.096079] ? do_syscall_64+0x26/0x620 [ 778.101284] __x64_sys_clone+0xbf/0x150 [ 778.105279] do_syscall_64+0xfd/0x620 [ 778.109096] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.114288] RIP: 0033:0x457fda [ 778.117498] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 778.136406] RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 04:51:42 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(0xffffffffffffffff, r2, 0x0, 0x8040fffffffd) [ 778.144210] RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda [ 778.152089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 778.160318] RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940 [ 778.167678] R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001 [ 778.174949] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70 [ 778.229979] Task in /syz0 killed as a result of limit of /syz0 [ 778.236750] memory: usage 304868kB, limit 307200kB, failcnt 4435 [ 778.243302] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:51:42 executing program 5: bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x330f, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000400)) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getgid() readlink(0x0, 0x0, 0xa) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4004}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) sendmsg$key(0xffffffffffffffff, 0x0, 0xc080) getsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000080), 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) 04:51:42 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, &(0x7f0000000040), 0x10) setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0) close(r1) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000d40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x8044010}, 0xc, &(0x7f0000000d00)={&(0x7f0000000ac0)=@getae={0x23c, 0x1f, 0x100, 0x70bd2a, 0x25dfdbff, {{@in=@broadcast, 0x4d5, 0x8, 0x6c}, @in=@loopback, 0xffffffffffffffc0, 0x3503}, [@tmpl={0x104, 0x5, [{{@in=@broadcast, 0x4d3, 0x3c}, 0x793f02c51589a62c, @in=@rand_addr=0x6, 0x3500, 0x0, 0x1, 0x100000000, 0x7, 0x95, 0x4}, {{@in=@loopback, 0x4d2, 0x3c}, 0x2, @in6=@empty, 0x3506, 0x2, 0x1, 0x8, 0x3ff, 0x1f, 0x10001}, {{@in6=@mcast2, 0x4d6, 0x6c}, 0x2, @in6=@mcast2, 0x3502, 0x1, 0x1, 0x22, 0x32fb94be, 0x10001, 0x7fffffff}, {{@in6=@dev={0xfe, 0x80, [], 0x1f}, 0x4d2, 0xff}, 0xa, @in=@broadcast, 0x0, 0xe, 0x3, 0xfffffffffffffff8, 0x8, 0x1f, 0x2}]}, @encap={0x1c, 0x4, {0x1, 0x4e21, 0x4e22, @in6=@mcast2}}, @algo_auth={0xcc, 0x1, {{'sha1_mb\x00'}, 0x410, "ce65da4af1649f2f2ee3f0d0010da58ec98ac5cfcdc8c54e23cf897d5822f55722ba4554af5e4a7ea4df2db79a37281ba22f8edcb644fb8862d0b9ff35ff0f885b144f669e2c5258aadf170206d063871939c9e582c7dab93fbc81eb3131daa7608979b6e12dccedc3f753e2dc6846dc8936af28460abfd4f04c8930ba9e82ba8fb9"}}, @replay_val={0x10, 0xa, {0x70bd25, 0x70bd26, 0x2}}]}, 0x23c}, 0x1, 0x0, 0x0, 0x24084}, 0xa0040c6) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000000)={@broadcast, @multicast2, @broadcast}, 0xc) write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x6, 0x1, 0x7, 0x2, 0x3, 0x146, 0x323, 0x40, 0x6, 0x28, 0x1f, 0x38, 0x2, 0xfff, 0x5, 0xffffffff}, [{0xd8e9caa7, 0x800, 0x7f, 0x3, 0x210, 0x8, 0x100000000, 0x400}, {0x4, 0xe0, 0x301, 0x1, 0x100, 0x4, 0x3, 0x5}], "3f9c7b0688bad3f34d81b10baab9ceff49b781d82f6913b82bae169bbcf4c0b8fd737b977f4fec75a315530a93e590193d6a99c908dafea7f147be90d0ce8b93", [[], [], [], [], [], [], [], [], []]}, 0x9f0) [ 778.271653] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 778.286967] Memory cgroup stats for /syz0: cache:0KB rss:227560KB rss_huge:190464KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:227492KB inactive_file:0KB active_file:0KB unevictable:0KB 04:51:42 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r2, 0xc0305616, &(0x7f0000000040)={0x0, {0x1, 0x7}}) dup2(r0, r0) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1, 0x50200) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) 04:51:42 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(0xffffffffffffffff, r2, 0x0, 0x8040fffffffd) [ 778.419156] Memory cgroup out of memory: Kill process 14704 (syz-executor.0) score 1113 or sacrifice child [ 778.435867] Killed process 14704 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 778.465752] oom_reaper: reaped process 14704 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 04:51:43 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500fd0000005f3f000000000000000000"], 0x38) [ 778.606314] SELinux: ebitmap: truncated map [ 778.625293] SELinux: failed to load policy [ 778.656061] SELinux: ebitmap: truncated map [ 778.661903] SELinux: failed to load policy [ 779.587238] net_ratelimit: 14 callbacks suppressed [ 779.587245] protocol 88fb is buggy, dev hsr_slave_0 [ 779.597448] protocol 88fb is buggy, dev hsr_slave_1 [ 779.602624] protocol 88fb is buggy, dev hsr_slave_0 [ 779.607735] protocol 88fb is buggy, dev hsr_slave_1 [ 779.997276] protocol 88fb is buggy, dev hsr_slave_0 [ 780.002467] protocol 88fb is buggy, dev hsr_slave_1 [ 780.227202] protocol 88fb is buggy, dev hsr_slave_0 [ 780.232576] protocol 88fb is buggy, dev hsr_slave_1 04:51:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f00000000c0)=0x1) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x82900) r3 = dup2(r2, r2) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$KDGETMODE(r6, 0x4b3b, &(0x7f00000001c0)) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) fsetxattr(r4, &(0x7f0000000100)=@random={'system.', 'ppp0\x00'}, &(0x7f0000000180)='/dev/rfkill\x00', 0xc, 0x3) ioctl$VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000000080)={0x20, 0x0, 0x10000, 0x7}) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x10000, 0x0) 04:51:45 executing program 5: semget(0x0, 0x0, 0x20) stat(0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0xc) setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000001c0)=@v2={0x2000000, [{0x648, 0x5}, {0x7ff, 0xcad2}]}, 0x14, 0x3) ioctl$KVM_GET_MP_STATE(r4, 0x8004ae98, &(0x7f0000000080)) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) bind$pptp(r5, &(0x7f0000000100)={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x1e) syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x10001, 0x8000) 04:51:45 executing program 1: mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000440)={&(0x7f0000000000)='./file0/file0\x00'}, 0x10) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x200, 0x0) write$capi20(r1, &(0x7f0000000080)={0x10, 0x0, 0x1, 0x81, 0x5, 0x8}, 0x10) dup2(0xffffffffffffffff, r0) 04:51:45 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(0xffffffffffffffff, r2, 0x0, 0x8040fffffffd) 04:51:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500fe0000005f3f000000000000000000"], 0x38) 04:51:45 executing program 4: syz_emit_ethernet(0x3a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa00080046002236497c3c5cfe5290789f141400ac1400860490780000000000000000000000000000000000000000000d186804efcb25f490fdf98cccd6"], 0x0) set_thread_area(&(0x7f0000000080)={0x3, 0xffffffffffffffff, 0x4000, 0x80000001, 0x58, 0xff, 0xe23, 0x8fa6, 0x3, 0xed}) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@broadcast, @dev={[], 0x12}, [], {@llc_tr={0x11, {@snap={0x3, 0x1fc, "b233", "a6e8df", 0x15, "281406b758ad8d4285f14955ac1a5d0e03a47b03ea1aba8f80944bfc2342d79a9455a04d3639807354437a1e34010273e3aee0d78edfad"}}}}}, &(0x7f0000000140)={0x0, 0x4, [0xb46, 0x7ba, 0xe7e, 0x646]}) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0, 0x30c) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r6, &(0x7f0000000200)=0x4) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000080)={r10}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000240)={r7, 0x8, 0x101, 0x2, 0x80000001, 0xca0, 0x20, 0x5, {r10, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x8, 0x26, 0xfffffffffffffbff, 0x5d, 0xfff8000000000000}}, &(0x7f0000000300)=0xb0) [ 780.668559] SELinux: ebitmap: truncated map [ 780.673394] SELinux: failed to load policy 04:51:45 executing program 5: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0xb1) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 04:51:45 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000001640)=[{0x0, 0x0, 0xfffffffffafeb47e}, {&(0x7f0000000640)="5244534b377c0626", 0x8}]) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) finit_module(r2, &(0x7f0000000040)='/dev/dri/card#\x00', 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, 0x0) 04:51:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000040)) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:45 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185500ff0000005f3f000000000000000000"], 0x38) [ 780.928848] Dev loop1: RDB in block 0 has bad checksum [ 780.942095] SELinux: ebitmap: truncated map [ 780.946693] SELinux: failed to load policy 04:51:45 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000013) 04:51:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x8, 0x20000) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) r2 = dup2(r0, r0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r3, r3) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={r4, 0x1989b6bf77fc9d2a, r2}) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) [ 780.966663] audit: type=1400 audit(1569214305.342:5136): avc: denied { module_load } for pid=20703 comm="syz-executor.1" path=2F6D656D66643A2365A7827724202864656C6574656429 dev="tmpfs" ino=107143 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=system permissive=1 04:51:45 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:45 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0xfffffffffffffe1b) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000200)='8', 0xfffffffffffffd84, 0xfffffffffffffffd, 0x0, 0xfffffffffffffd62) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/139, 0x8b}], 0x1}, 0x301) 04:51:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855f3d31800005f3f000000000000000000"], 0x38) 04:51:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x86cb6a7df8722f23, 0x0) write$P9_RREADDIR(r1, &(0x7f0000000180)={0x122, 0x29, 0x1, {0x4, [{{0x0, 0x3, 0x7}, 0xfffffffffffffff7, 0x10000, 0x7, './file0'}, {{0x0, 0x3, 0x5}, 0x3ff, 0x3f, 0x7, './file0'}, {{0x20, 0x1, 0x6}, 0x5ef7, 0x7fffffff, 0x7, './file0'}, {{0x2, 0x2}, 0x6a, 0x7ff, 0x7, './file0'}, {{0x20, 0x0, 0x1}, 0x9, 0x7fffffff, 0x7, './file0'}, {{0x48, 0x3, 0x4}, 0x7, 0x8, 0x7, './file0'}, {{0x2, 0x0, 0x8}, 0x4, 0x70, 0x7, './file0'}, {{0x44, 0x1, 0x8}, 0x1, 0x82, 0x7, './file0'}, {{0x40, 0x4, 0x5}, 0xdc6, 0x7f, 0x7, './file0'}]}}, 0x122) r2 = dup2(r0, r0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) [ 781.354224] SELinux: ebitmap: truncated map [ 781.366533] SELinux: failed to load policy 04:51:45 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:45 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000040)={0x4, 0x8, 0xfa00, {r1}}, 0x10) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$VIDIOC_G_SLICED_VBI_CAP(r3, 0xc0745645, &(0x7f0000000080)={0x2, [0x6, 0x368f, 0x1, 0x4, 0x5c73, 0xfffffffffffff6dd, 0x724, 0x80000000, 0x400, 0x5, 0x1, 0x1f, 0x9, 0x4, 0x5, 0x4, 0x9, 0x566, 0x1f, 0x4, 0x8, 0x3bb5, 0x607, 0x8001, 0x8, 0x2, 0x4, 0x3, 0x9b24c8a, 0x6, 0x1, 0x4, 0x6dfb, 0xfffffffffffff65a, 0x6, 0x36, 0x6, 0xffff, 0x6, 0x7f, 0x7, 0x5b, 0xe9d, 0x0, 0x4, 0x1, 0xffffffff, 0xb12c], 0x6}) 04:51:45 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855990dcc75005f3f000000000000000000"], 0x38) 04:51:45 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x11000, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x9, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) r5 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = dup3(r5, r2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r7, r6, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r7}, 0xc) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, r7, 0x2}, 0xc) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000002180), 0x4) 04:51:45 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 781.627774] SELinux: ebitmap: truncated map 04:51:46 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e918559f0dcc75005f3f000000000000000000"], 0x38) [ 781.656927] SELinux: failed to load policy [ 781.667231] protocol 88fb is buggy, dev hsr_slave_0 [ 781.672504] protocol 88fb is buggy, dev hsr_slave_1 [ 781.791054] SELinux: ebitmap: truncated map [ 781.795898] SELinux: failed to load policy 04:51:46 executing program 5: r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000140)=ANY=[], 0xffffffffffffffdf) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x8000, 0x0) renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x5) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x6, &(0x7f0000000040)=0x80000, 0x4) 04:51:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x44101, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = dup(r1) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x100, 0x0) ioctl$TIOCLINUX7(r3, 0x541c, &(0x7f0000000100)={0x7, 0x600000000}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x5, 0x1, [0x0]}, 0xa) connect$rds(r2, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) 04:51:46 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e918551fffffff005f3f000000000000000000"], 0x38) 04:51:46 executing program 3: capset(&(0x7f0000000000)={0x240200399f1316}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xff}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:46 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) 04:51:46 executing program 4: lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'L-', 0x7}, 0x28, 0x2) r0 = socket$pptp(0x18, 0x1, 0x2) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000001040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0x80044dff, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001280)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f0000000240)={0x16, 0xf2c, 0xffffffffffffffc1}) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x0, 0x0) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r5, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080)}}, 0x18) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r4, &(0x7f0000000140)={0x11, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="00fb7000fb7fcb5406f0d4871e4f05c40127550c56c7f24e6d7ba89b9d939bc4fb72bc1d7f07fce65b5ce35ec8d757d7a63e2c59a28592b7724604535f947d11bdf3df8e30c21ef0421e8dfb94e11b76cef34596af6b3e73e5499f1c2aeb648d97026bc4be44"], 0x70, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0x80044dff, &(0x7f0000000040)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}}) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x4800, 0x0) r7 = syz_open_dev$evdev(&(0x7f00000001c0)='/dev/input/event#\x00', 0xfff000000, 0xe4c2df3dbed329c3) ioctl$EVIOCGRAB(r7, 0x40044590, &(0x7f0000000200)=0x1) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x400042, 0x0) timerfd_gettime(r1, &(0x7f0000000000)) r8 = dup3(r1, r0, 0x0) ioctl$SIOCRSACCEPT(r5, 0x89e3) ioctl$SCSI_IOCTL_DOORUNLOCK(r8, 0x5381) [ 782.053682] SELinux: ebitmap: truncated map [ 782.085174] SELinux: failed to load policy 04:51:46 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2d0, 0x0, 0x100000000}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r1, &(0x7f0000000080)="a7a4e1a8d9bd92ab0f5616b4c02f01d5b92a6416a50a88ab5b3a065ca7b7813c1d285672a0081f5bea9c9fe8e50dcbe209fe4db1633e54cb1266dd31bd3fd78c8251b710bfa8bc6ac8c68761af685a48d4aff1271ea83213062af408dc69187fb776ad5dc9fff906ef666bd33ea04d202a699f640827fd4b286a8dbee37279f36b546cc1f0b295873d6647ed908498e1db1cab6828d43e63db", &(0x7f0000000180)="8d8aac1feb7d99419825b807f2a4f8221fadc53290af79f2c67f994cfcb3f7319f317d8180e3bbd68a3608b8f9187714a83df866e6acedab29b36f464f3a4961410a22ecddd9f7b9cf25b345c4b82612ac12d3318a6f589f381fbc745384b1c4856f03eda06bd8420329097fa7526bdfe8e0bb1d02268e845ed3e692a2578befa79f4a5f223e23cde7ad101215b3d156367ea282a3186f42655207d0b953b1cc0b4a83933f", 0x4}, 0x20) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x200000) r3 = dup2(r2, r2) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) write$P9_RCREATE(r5, &(0x7f0000000040)={0x18, 0x73, 0x2, {{0x8, 0x4, 0x4}, 0x401}}, 0x18) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:51:46 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501020000005f3f000000000000000000"], 0x38) 04:51:46 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r0, 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r2, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r3, 0x0, 0x0) keyctl$describe(0x6, r3, 0x0, 0xfffffe6b) keyctl$reject(0x13, r0, 0x288, 0x1fa6, r1) r4 = memfd_create(&(0x7f0000000040)='\x02@\x94\xb8\x03P\xcaC\x8a\xf9\x16.H\x80\'\xc5\x8d\xab\xf9\x1b@\xd6\xea\xd24\x95\x94\x165\x8f\x18H\xdc\xc9\x98M\xf9\x8d\xcdmp\xf8/\x86h\x8fZV\x16\x83\xf1\xa6-\x9347\xda\x1e\xe4Q\xe2\x8e\x05 \x8b]c\xcbQ#\'O\xb9\xbb\xe5\xf3P\xf1\x81\xf7\na\v:\xca\xdc\xe9yb\xb9\xc7p\x92\x8b\xe9\xfdEWW\xad\xd50\xd27\x13\xc1\x7fXo', 0x0) write$binfmt_elf32(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003000600000000030000000038000000000000000000000000002000010000000000000000000000030000000000edffffff0000000000000900000000003d2e9000"/91], 0x268) inotify_init1(0x40800) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)={0x8, 0x9}) 04:51:46 executing program 5: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x302080, 0x0) ioctl$VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000100)={0x20, 0x1, 0x4, 0xfffffffffffffff7, 0x4}) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000080)=0x9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x580ec80c, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1f}, 0x1c) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) ioctl$EXT4_IOC_MIGRATE(r4, 0x6609) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000c80), 0x4924924924921ae, 0x0) 04:51:46 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 782.384296] SELinux: ebitmap: truncated map 04:51:46 executing program 3: capset(&(0x7f0000000000)={0x60f025695595226e}, &(0x7f0000000140)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x412800, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) close(r0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = dup2(r0, r2) ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000180)={0xb, @sdr={0x47504a50}}) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000080)={'security\x00', 0x3, "1ab02c"}, &(0x7f00000000c0)=0x27) [ 782.465117] SELinux: failed to load policy 04:51:46 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501030000005f3f000000000000000000"], 0x38) 04:51:46 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f00000001c0)=0x0) connect$can_bcm(r0, &(0x7f0000000140), 0x10) add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f00000000000000000001000000", 0x38}]) 04:51:47 executing program 5: syz_read_part_table(0x20000000, 0x2, &(0x7f0000000280)=[{&(0x7f00000000c0)="ad5f3d4601d68cd575d09fe5176ad9d63fc4456d2c8cd948e713a1727860f41055a440c805d723999a533a3461b599b3ca88c124385859d53372450bed8d6eb8792986c8646eddbf53712db221c43b2a880f33aef3a570741e6f86ff69f8bb51717f3eccc98ed62ef5e8ba63fcd9d2d65ce8dc57ef4b8f16840511cc1aea84ed3283ad4de23cdc042eb611285942c141a102e713177d0e46246cd541996c1c84d084b7a6a48b87e3276fcd151f99a336243c39232134b06cf3", 0xb9, 0x101}, {&(0x7f0000000180)="5c8f5769e4b1d4bb9d4411d3af4bb632909d69fca2cde8df29c56f09ea26c5458d89ce1bfca2e1bddcc09cbd0dc3e5fc2d737b9dc0fa7ec599c98a587a7cb5595c5113f8d7793dcbc7bca8b6211944fec4c474dbfed6d25197b5741f552bb011b938451bb8af600e3ebb14e6a0a632798b48beb98c37992662b4bb295eb3548a752eeebec462bd64dda6d799565f554d98277eaf82f6b87da4d43eb34c72de9446d98ba3aec7ef3eaa52d8c575063aad320b94abe233e82ea8d5d5005ddf281ea559734b94b2ab4294145c2d421b6421ad7ad725edbf606763cbcad9032ccd83f7a99a09a041343acea669", 0xeb, 0x6}]) mknod(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) mount$9p_tcp(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f0000000080)='./bus\x00', &(0x7f0000000000)='9p\x00', 0x0, 0x0) [ 782.695285] SELinux: ebitmap: truncated map 04:51:47 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501040000005f3f000000000000000000"], 0x38) 04:51:47 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000040)={0x24020019980330, r0}, &(0x7f0000000140)={0x10000, 0x0, 0xf, 0x0, 0xfffffffffffffffd, 0x3f}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) [ 782.735021] SELinux: failed to load policy [ 782.844056] 9pnet_virtio: no channels available for device 127.0.0.1 [ 782.876379] SELinux: ebitmap: truncated map [ 782.885235] 9pnet_virtio: no channels available for device 127.0.0.1 04:51:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b400000000000000620a00ff000000009500000000000000"], &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x2, 0x28d, &(0x7f0000000240)=""/195, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffe59}, 0x48) 04:51:47 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501050000005f3f000000000000000000"], 0x38) 04:51:47 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) 04:51:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f00001ed000/0x4000)=nil, 0x4000, 0x0, 0x4012, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) getsockopt$netrom_NETROM_IDLE(r3, 0x103, 0x7, &(0x7f0000000180)=0xa, &(0x7f00000000c0)=0x4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f00001ee000/0x2000)=nil, 0x2000}, &(0x7f0000000040)=0x10) 04:51:47 executing program 5: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r5, &(0x7f0000000700), 0x100000000000000d) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000000280)={0x7f, {{0xa, 0x100000000004e23, 0xfff, @remote, 0x91}}}, 0x88) 04:51:47 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r2, 0x0) r3 = dup3(r0, 0xffffffffffffffff, 0xad51e1485c9e689a) ioctl$VIDIOC_ENUMSTD(r3, 0xc0485619, &(0x7f0000000000)={0xffffffffd81c6b96, 0x100, "985e190c5824f1cf6b5dcb5ace8b1acdb09063e6c08a1c3e", {0x3ac, 0x401}, 0x9}) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000040)={0xfffffffffffffff9, 0xfff, 0xfffffffffffff801, 0xfffffffffffffffb, 0x3e6d}, 0x14) setsockopt$inet_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000080)='w', 0x1) [ 783.041715] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 783.063269] audit: type=1400 audit(1569214307.442:5137): avc: denied { map } for pid=20854 comm="syz-executor.1" path="socket:[107324]" dev="sockfs" ino=107324 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1 [ 783.159138] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 783.217393] CPU: 1 PID: 20853 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 783.224469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.233837] Call Trace: [ 783.236446] dump_stack+0x172/0x1f0 [ 783.240271] dump_header+0x15e/0xa55 [ 783.243997] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 783.249109] ? ___ratelimit+0x60/0x595 [ 783.253008] ? do_raw_spin_unlock+0x57/0x270 [ 783.257716] oom_kill_process.cold+0x10/0x6ef [ 783.262231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.267781] ? task_will_free_mem+0x139/0x6e0 [ 783.272312] ? find_held_lock+0x35/0x130 [ 783.276407] out_of_memory+0x936/0x12d0 [ 783.280922] ? lock_downgrade+0x810/0x810 [ 783.285347] ? oom_killer_disable+0x280/0x280 [ 783.289853] ? find_held_lock+0x35/0x130 [ 783.294086] mem_cgroup_out_of_memory+0x1d2/0x240 [ 783.299289] ? memcg_event_wake+0x230/0x230 [ 783.303712] ? do_raw_spin_unlock+0x57/0x270 [ 783.308143] ? _raw_spin_unlock+0x2d/0x50 [ 783.312316] try_charge+0xef7/0x1480 [ 783.316400] ? find_held_lock+0x35/0x130 [ 783.320483] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 783.320501] ? get_mem_cgroup_from_mm+0x139/0x320 [ 783.320522] ? find_held_lock+0x35/0x130 [ 783.330198] ? get_mem_cgroup_from_mm+0x139/0x320 [ 783.330224] memcg_kmem_charge_memcg+0x7c/0x130 [ 783.330238] ? memcg_kmem_put_cache+0xb0/0xb0 [ 783.330256] ? get_mem_cgroup_from_mm+0x156/0x320 [ 783.330273] memcg_kmem_charge+0x136/0x370 [ 783.357483] __alloc_pages_nodemask+0x3c3/0x750 [ 783.362443] ? __alloc_pages_slowpath+0x2870/0x2870 [ 783.367486] ? lockdep_hardirqs_on+0x415/0x5d0 [ 783.372113] ? trace_hardirqs_on+0x67/0x220 [ 783.376491] copy_process.part.0+0x3e0/0x7a30 [ 783.381015] ? mark_held_locks+0x100/0x100 [ 783.385546] ? __might_fault+0x12b/0x1e0 [ 783.385569] ? __cleanup_sighand+0x70/0x70 [ 783.393859] ? lock_downgrade+0x810/0x810 [ 783.393887] _do_fork+0x257/0xfd0 [ 783.401486] ? fork_idle+0x1d0/0x1d0 [ 783.405225] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 783.409996] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 783.414774] ? do_syscall_64+0x26/0x620 [ 783.418757] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.424157] ? do_syscall_64+0x26/0x620 [ 783.424178] __x64_sys_clone+0xbf/0x150 [ 783.424195] do_syscall_64+0xfd/0x620 [ 783.432145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.432157] RIP: 0033:0x459a09 [ 783.432173] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:51:47 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r9 = dup2(r8, r8) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) r10 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r11 = dup2(r10, r10) ioctl$TIOCGSOFTCAR(r11, 0x5419, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r11, 0x4008ae89, &(0x7f0000000100)={0x7c, 0x0, [0x4b564d01, 0xfff, 0x0, 0x7fff]}) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xae80) 04:51:47 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(0xffffffffffffffff, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 783.463710] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 783.472059] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 783.480120] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 783.487783] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 783.496031] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 783.503317] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff 04:51:47 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x3}, 0x20) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x8b0, 0x101000) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000000)=0x3) ftruncate(r1, 0x8000) sendfile(r0, r1, 0x0, 0x8482) 04:51:48 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(0xffffffffffffffff, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) 04:51:48 executing program 1: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) getgroups(0x0, 0x0) setregid(0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000c40)={'filter\x00', 0x7, 0x4, 0x480, 0x258, 0x0, 0x0, 0x398, 0x398, 0x398, 0x4, 0x0, {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr=0xfff, @remote, 0x9, 0xecd4d3b9173fcb66}}}, {{@uncond, 0xf0, 0x118}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xd9c, 0x8001, 0x2}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@remote, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0xffffffff}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file1\x00', 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000240)=0x4) unlinkat(r0, &(0x7f0000000300)='./file1\x00', 0x200) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000140)={&(0x7f0000000040)='./file0\x00', r3}, 0x10) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000100)) mkdir(&(0x7f00000002c0)='./file0\x00', 0x20) [ 783.644633] Task in /syz0 killed as a result of limit of /syz0 [ 783.674959] memory: usage 307200kB, limit 307200kB, failcnt 4481 [ 783.704383] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 783.719024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 783.734591] Memory cgroup stats for /syz0: cache:0KB rss:228368KB rss_huge:190464KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:228388KB inactive_file:0KB active_file:0KB unevictable:0KB [ 783.788382] Memory cgroup out of memory: Kill process 14796 (syz-executor.0) score 1113 or sacrifice child [ 783.818941] Killed process 14796 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 783.838476] oom_reaper: reaped process 14796 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 783.858173] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 783.877904] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 783.883684] CPU: 1 PID: 20852 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 783.890650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.900099] Call Trace: [ 783.902701] dump_stack+0x172/0x1f0 [ 783.906335] dump_header+0x15e/0xa55 [ 783.910480] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 783.915574] ? ___ratelimit+0x60/0x595 [ 783.919450] ? do_raw_spin_unlock+0x57/0x270 [ 783.923874] oom_kill_process.cold+0x10/0x6ef [ 783.928392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.934002] ? task_will_free_mem+0x139/0x6e0 [ 783.938509] out_of_memory+0x936/0x12d0 [ 783.942484] ? oom_killer_disable+0x280/0x280 [ 783.946979] ? find_held_lock+0x35/0x130 [ 783.951067] mem_cgroup_out_of_memory+0x1d2/0x240 [ 783.955995] ? memcg_event_wake+0x230/0x230 [ 783.960340] ? do_raw_spin_unlock+0x57/0x270 [ 783.964754] ? _raw_spin_unlock+0x2d/0x50 [ 783.968901] try_charge+0xc4e/0x1480 [ 783.972804] ? find_held_lock+0x35/0x130 [ 783.977377] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 783.982212] ? get_mem_cgroup_from_mm+0x139/0x320 [ 783.987600] ? find_held_lock+0x35/0x130 [ 783.991684] ? get_mem_cgroup_from_mm+0x139/0x320 [ 783.996610] memcg_kmem_charge_memcg+0x7c/0x130 [ 784.001995] ? memcg_kmem_put_cache+0xb0/0xb0 [ 784.006581] ? get_mem_cgroup_from_mm+0x156/0x320 [ 784.011509] memcg_kmem_charge+0x136/0x370 [ 784.015758] __alloc_pages_nodemask+0x3c3/0x750 [ 784.020421] ? __alloc_pages_slowpath+0x2870/0x2870 [ 784.025449] ? lockdep_hardirqs_on+0x415/0x5d0 [ 784.030249] ? trace_hardirqs_on+0x67/0x220 [ 784.034601] copy_process.part.0+0x3e0/0x7a30 [ 784.039401] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 784.044696] ? delayacct_end+0x5c/0x100 [ 784.048866] ? __delayacct_freepages_end+0xe0/0x140 [ 784.053869] ? __lock_acquire+0x6ee/0x49c0 [ 784.058111] ? __cleanup_sighand+0x70/0x70 [ 784.062331] ? mark_held_locks+0x100/0x100 [ 784.066909] _do_fork+0x257/0xfd0 [ 784.070460] ? fork_idle+0x1d0/0x1d0 [ 784.074163] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 784.080217] ? kasan_check_read+0x11/0x20 [ 784.084528] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 784.089271] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 784.094026] ? do_syscall_64+0x26/0x620 [ 784.098420] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.103766] ? do_syscall_64+0x26/0x620 [ 784.107740] __x64_sys_clone+0xbf/0x150 [ 784.111705] do_syscall_64+0xfd/0x620 [ 784.115490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.120663] RIP: 0033:0x45c3d9 [ 784.123841] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 784.142810] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 784.150504] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 784.157766] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 784.165017] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 784.172270] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 784.181358] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 784.190502] Task in /syz0 killed as a result of limit of /syz0 [ 784.196621] memory: usage 304988kB, limit 307200kB, failcnt 4481 [ 784.204944] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 784.211892] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 784.218260] Memory cgroup stats for /syz0: cache:0KB rss:226256KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:226220KB inactive_file:0KB active_file:0KB unevictable:0KB [ 784.239441] Memory cgroup out of memory: Kill process 15076 (syz-executor.0) score 1113 or sacrifice child [ 784.249375] Killed process 15076 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 784.261783] oom_reaper: reaped process 15076 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 784.267152] SELinux: ebitmap: truncated map [ 784.276902] sel_write_load: 1 callbacks suppressed [ 784.276907] SELinux: failed to load policy 04:51:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000006c0)={0x0, 0x9}, &(0x7f0000000700)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000740)={0x4, 0x7ee0b7fe4c08b7d, 0x0, 0x5, r2}, 0x10) r3 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:51:50 executing program 4: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000b06ff00fd4354c007110000f30501f908607ea2685b0aaa06ffcd", 0x1f) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) getdents64(r2, &(0x7f0000000400)=""/79, 0x4f) lseek(r1, 0xfffffffffffffffe, 0x1) getdents(r1, 0x0, 0xffffffffffffff18) r3 = syz_open_dev$sndseq(&(0x7f0000000680)='/dev/snd/seq\x00', 0x0, 0x20a81) r4 = dup(r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r6, 0x1}, 0x14}, 0x1, 0x6c}, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00012dbd7000fedbdf250200f7ea46b70000100004007f000000080006002c0000000400040008000500020000001400010000000000000000000000ffffffffffff100004000400000000"], 0x3}, 0x1, 0x0, 0x0, 0xd6563a5f7d3ecdf1}, 0x20000040) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) sendmsg$SEG6_CMD_SETHMAC(r8, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x5}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x7}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x40060) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xa000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r6, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0xd}, 0x48000) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r6, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x28046009}, 0xc000) 04:51:50 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(0xffffffffffffffff, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) 04:51:50 executing program 1: rt_sigprocmask(0x3, &(0x7f0000000000)={0x4}, &(0x7f0000000080), 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0xa4, 0x0, &(0x7f0000000300)=[@decrefs, @clear_death, @increfs, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/7, 0x7, 0x2, 0x33}, @flat=@handle={0x73682a85, 0x1104, 0x2}, @flat=@weak_binder={0x77622a85, 0xb, 0x2}}, &(0x7f00000002c0)={0x0, 0x28, 0x40}}, 0x40}, @increfs_done={0x40106308, 0x1}, @enter_looper, @acquire_done={0x40106309, 0x2}, @enter_looper, @acquire], 0x6a, 0x0, &(0x7f00000003c0)="625a278c1e0e6d9092758b2c7b6f5b21e77f96496e751d7fcb354d10f6641f877a78a844493aa109b61ba544b4f364e43747a7d9390590701d4a19c654f67bc0cefeb619d327d19ba46c7cacf72ed3ffc030cff958d77031f109fbaa0b1d5f61bb5622de79001b6be08f"}) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000100)={0x0, 0x10000}) fcntl$getown(0xffffffffffffffff, 0x9) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r5, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYRESDEC=0x0, @ANYRES32, @ANYBLOB="44d9463669893fddee14af366c553f65dd1ec5acb82cdb535a7477b0992635a4f56ab956ca3c60b32d24c317d4038bf1f0fbdf531238d2760b5d256f7c2f8fe375a15f470082cae766ab5ec2c913da33ab517ee329ca5f4f784c04118402690507a224b5761e1265638727ca0a2d31f08b1e0608c01d", @ANYRES16, @ANYPTR64=&(0x7f0000000740)=ANY=[@ANYBLOB="07e779d0f73afe159bfdf89f4f2e461ee669663dfea3c9e26bf9571adf75cff2af33d1679e5a5705f147a4ad0b1f92d6963675599528a687858cb2282b0e225dcbe3fefce1102d833af98f06c7a546dc5fa31e685960558b8c4d6be22d9d759ea293fd4bb90f7c9a7b406b8afc835c0f1b02590b3f21363bbfb387ad5b3f7358e8e291f2e9cb6e009e61f0fcd327851cbaf977fd6af5153b49292e78a32075e8a3c0bc6b558809752979ccf26eb6ca301e79", @ANYRES16=r2, @ANYBLOB="10b0c297f281a4c3e189962f1786b452a60d5b8eeb9ebd92e9ea465f825574aea9c64b119e0aea166ee9c1e287f22198c25b293476872a8e40c7676f2bf90d59c0e072c61165b3babea7b0d0b781290cc92c4113f63bc5d20939dce3193773fa77e296755466b4732baf108c853019e1a6ba70b61a271f9277aff2a0c4396140f0464a985d7e2ffdb7dbfe64e7c3387ce9d1dc7f415c4abee334aef0e6896279cac34592750199a6e02b680bed45d914c91d7825565d3f812fd64fc06310da7fa83e42afb47c108b81af14fb49238a00ca0ede6869f1d0cda5218e0a9ac07eda228e21db06cd1e11048cda3d65c8f149a57ff75a4ca428574109a3dca126976824d4cf69ff87519ec0a8877c3c1ffe7b70ecd8edeabc0c47f649b5953874c05c11ba24c916c5675ba54386e1d43f1c14c852b67fb91d4ac4a99fec922547c32b598cf6ece51fba20d5cbd87ce7228034046ae10f91430efba173953c9c90aa66c8adc7329934b477497abae78852d145452b7afbea5c3a6f038b8da37bf8a08ea6048cb554f72e4a32b0db6cc378a53fa7c77087ee65950fff72a8a29f926c43a648f8ec4cafe135aa31a181ef754776a54ffd237266e1a5f1677fa8344a8fbb53ec1bdf1412afed3e769d70a29e86a120e0de808865ddd0d18cb9512c5b6dd57d7bc8733c489ce937087cb696b8ceec6ab503ad08813c7a32ec0c7087d43e0fc870b4446a420848debc824b21ea603971dbf074adb37bb683f7f02e5575258eec8e37f1b33fb38808c4476caf0c9b91f8b527a0760df43b5b657455da2d178c46ba5bb129c53ba92665f50f709f48de973a1c06de0b787c0c2190b8ad7c1890e4c602d4913507ef8438a3adc351e25173233cb3d056c79d6290d93d3cfd007b0c913c1805d573a858c46d15959c9162e9cf39033d7e866f1299200765d0d166201a8e82eda11f54b7b0426024c99e3670e85bef271182eb6f8614bbb86370be583cc4518926da0c5502f305d94d2c3576c3a2360634a5269c311662aa03de77e76a783bfeb86294acd0f1a11565d857a65afa0acf87067f1de5f9623ff93198afaf4879aea2271ca69bf7f9b560e8072c41950ba2a9c3381f2e7ce55cfc6a0977b48aa5f1bd3efc6597f23952df75ef9dcaf6a0e3840c59a997cfe12c2de6be2019912d6e951ff8c835a3da1dcc76bc0c3e14a855521c7db3c942963508086cb366a31b8e30a93825939dccd8acf8897cbdb4ed919d7cfe3939cddc2183aef40c97ed527838b26ce1e871ae7c5812c9cec210f6364f9a1c474557935d59c8ebefe0bc1e22f79f5c3aea160729e605d6d102291fc6fb9cc1c84decdff0ce2f66e3371af423dc89cb652a6d9d0d8aa9b5e9d237afadc395dd98e3a56ffe79dcd23a0379f72d347ed7d7789dd9da5043863e58f266a194c762075472903381a97f9f9f4646bab1bcb0b1bf67e8d7866fd6e8acd3bae08f48198426442b43451c3bf34820aa1d519702aebd9f1f84e39e8ae95534130ace8e10891fe81f95c0b4f36b653d32e97f6d4361254e659afb19507424c799aeaa1052e4d4a52aae5cdb3f2dc0837eea5e9afb393515638196417948a3db51ce09e62c2f15c1f341fd3be517b4af682c442585c381a67ce9bc15a6aa343863606c740dd2563e4cdb94e55983297439bc71f9c0823d54c833a63860250be79b299a74ab7dcba3c4844176e99dd4d6ba54cdeb21f96cfaaf30d320a28a20eaeb4beb79ec5c3f67aa9b0e06b64626eb3c85206ceea206f93b0c90dcc6a27306b675b4a49071f77f03aaabb763a1ccdbdf08c1e97f124ab59659d2b71967fa8f6e583c9c2c36c57a204c4845c812acfd5ce0ba9c9d1b772b1e796f7b93ff967e27dec2783333c51f4922635a86f5629033cb6d623ae17ac0fd856d175b4d65700dbaeffe8b295b888e5fcb94c800bc9d763bd6c7b6eedbcd5b8b97630881c3cb2528ae96ba29b61b7260eb9fb82ed248cc0e0d054cc4224f14d2b7edd8af0d5592ec389dcf1c9262d3a9d07b35c03b61a6f97f643d4275305c185250f19797d1c98bd9efac8ac4d48ad03b12ecc7c92675cbd3d3993e1b977b707dcbf3a751c16857d1cb245bc7491b33dec72c3a77736224fe575bd5cdede403add7d478561c218b1f3db334fa995795d57bcba75e9229ad1410de7a88ffa8e9b0828865caeba1dba583b2ccff29a66589389b5182efb34ae2080257a46388abf6fd2e9a495cab2076983581c1e72a975542b596788dac5b5c9a50acd09ff99a66e998dfe7c931c893cf6a8f530bf47f2fecb6fa94ac2abe77a0b04b91445f14cfa17d75d3767e0583ef4bdc320611a0a8d35750a26de977bfb04477c8d59f55fe75890e62e5539b9d1d8e6bac42e4d487aa583eed403e115a7bfff46af8fccec320ef5987d5105109d24811e8a0dfb8f4927eb21a16bc2726d429e29f27552012b55b8fa21af47eb20002af000ed978ab62e2a756b9edac7d568fa5014332d74985716172dbd3cf980c29b1131ac978e8065afeed90d99385e0c0f089c2cdfdce35a1d68efabbc422c08ea91e4c84ea5f991f5c3c85406ec7c67c1ec6af5a79862bc2bc3b6d3b9ec4cf6442bf4efe96b2ac44548686e1cc8c643a3b7bfdf3ba741ce5299d2f036000ed0c482bd44aa551c98a65bac7d1f3b112e2b444ea64c6364854b18a0205675ba3d675c6b190a85a97b42973305738a2210bc308507f811b3bd3edcec94caceff3e40a9712f702af846aeb9f96b1c1fed7fe092caac752ebe2f7bdaefafa2d10e6a55b7df857c8638c21abf7fd10e719c0c023df432b761bfc13417e403e6bbee0fddffd128741c0cae32dd86f290184fec424fe14e191658312f0fce8a6254a4c732108d4ed02527e45acc219d45333d54f9fe16f331cc9da9ef2d0b71bb283326a84c513920810bafc6afd04c58f97bcfeaa4199bd02b55240701da4dd113aeb214467e1e33940b3663a2f9e913af61fa43230a352ac6e86259b71a711010a409835d5d292c83640c344bbc6dd1871df679447d4bdfa27da2f55515ba2767663dee1deea50edffd299d6a13d4de8705efb7bd94e5c86a68832fe861f50cdd0d7a3cdab32e8d5c4d1d24b7b7a25a94740a0b5aa91ac5eeb476352b4d15e4490686652142029f63fa2dd8b6ad9b971cdc031369fdd0d2669e001f422750394d7659cf22af1e3d44a724cb5af67b8fe1b0358c6b49c6786b749d946132c0ac61f13697066e3e8693bbec2ff303afa00a14a41dd1a05a3b02342d8cd81d36bde267ce7373fc02727ae478cb9088dde4287ac140aac1b34a4bd6b4a9f85f182778f9a6bfeb91b12686498fa972a0b515a67c99123879ab92cbeb114d815036d2a4620d1b74cf91c3ab3c885122b4b3b97e1ca3122f7a2d061fed816523e778bffd8ff8886e1ccbe1c9447366bda91ca693df382a4913863d619c28ed543dddb12b7d4a0bacad8e40e33eaddb88467ebdd320b131eca9fed5cf2a9fa6f7b7fdb25965388cb89f436fe2776ac1d1986c40f56731caa3c79e7603f9353678e6f411415a436f7e72f8568be1e0a752479aea6b6e229a443aa72ff0f1d601b7ffc14a8f2000defd8ac9e160a223478dcc4ed099d1e1c961b2e35d44c337b70f92b680ae646a5bed672cd073c44edcfcb92bb849ee69fc77b6b374324c2890bfa47f89d22848b111c345cf46fa199220faef3077654be69139aac78ec7788f67fd0319ca7daeb9af7749c0caa045ed7f2ea57a10095bfb2278015e61552ba56c947febec94c4ef6358aaae01bfb431356040623bbd7aaca1f9ece746fd5b75410b7a205555f37e9857471a3897ffcbd73d517d1315b07d05e1c84529558864f5f9668f61dcb40e8f15d68249cb6eeb53658984c04fee7cf9f46ef5ed857ccfd79bcfc3a733455fa958d67e632d96af5a5dc57b172101f104544b62bf0f01c909475477e7e59b0d4d72c7f37d0e169dc95a4a55be892b5b781840a8a5e6d74e9493a097e71037131b74425757629bfe64ab29c36cb187c459be49937e83e391045ce2792ea3ad9c9b85f3f81b671773973b24514a07b4a40ae83ba133d48e7ad4e1a74131adfc5254cfc03e736ae76b9317ad0d2e7e8b8059f9b24c04e83d1dfaa5dc87d1de7cdff734fa7c42da20bc3e3a889856add56fb116a2f684b659ac805d97c96bd26d663e53207330c696ce16062110acfe782be833fa030559d5812c1e1005df2021354ca7b57371b1b6ab29b9b2d4ac04fed378ac1be66fcb3082c2cc157704c8d84c89c5e6383a60fc3a68f43263a2df5d8e633f86380a9c1aeaed280ee0f8612cbeae82a53ea16cea8a0f88053798a91777a73c48972e0ca51e45b70c93baf705e3eacb78332010b8b8d6f0d4a5ff18eaeadab9ea46508ca914e568bc7b2da010f6475214c5755f3b35e8af374dd7513df1d732b5e4f9f168cf635875a3814ae6b23ec4c9ac43572c1c4713c2312313776e05482d0501bb21f70e59984b7198da78f776da261053c539c7265e16664bdaf486baa92cc86b7ad060adb45ac0af5ef732f6e5e9f09e588a976f9e1f2ea7b90e9fe92aaf4aa9560ecb291feb9e5ba817a33204b4b35b3744afc188300f3b1b53ad4e0616c8ad67134f99959f6960f4523c235a1da613fc75f3133e41248f658a4676ad2d2585e64d35e31487b9964df5e5ba59cec00a57f2283e952206a8de32a066d7de9429c1e083661767144ca7969d8dce82628cf80883cf3bdce3a9740fe859b165b89cd08044a6c47bd934789433b1285d73e73bf362aae3c39c3fa1255a82b4c3d47728447d3d172f33625e8b649f3622f3108f2219bdbe342caca66eca8f7d7f832aa5c0afe7aba9415a2692d247af7477ada98692282cf50cf95d2437410a58a9f3e4c986b99f8cba13e8767a7ab2c493dfef020b84fefe52755359df7e9819ce7f192d6c4ea0cfbd1afa1dde50279e0a3204f91668263e5a19ec0211558e09ace06931fa7c496a0e8c0b1288a7ca48f0e969954dc821ec3d4ed0a578df19ded3ffc07cd38adc9a2391e5a3dd66e9edf3cc53fc435703c17631b23639efbd6f18a59b74004844744237de1ada55da59904ad4eb9a364ab37c03102042a9742e5d931fcac499364095bbe60dc5ce81fbc6a4c73984870a674b36c2ebc3c9e932e98ed2192b719bdc24c8ee4fa80fc16630cf0127cc7274bfc84aea05c7bd26543f982ec4e92641792b2290812a42b2ad803be37cb1749daac23c45014cbc9df00120b29eff5e934aa52dffa4764c168fb7d539cd68ce0776ddf805bfb9306facb5fc9f426a813880393937822ea91aeb70fa9b50413e7fd3e334890f660b6529593c290342beb3a7c73482e378fb7b9e6d622a30685892bfa5e97091cd31d482a46bb9ca42f222f28b9c36039c5eb90a7d2c7a67dc6199fb41dca0758cf816248759cb1f156342922d2e4955684e9470ba5fea4b45987843bf6d8b8b58d07c92f7075e14852fc5b41460654c539cb71a424a1902ddf2ea6ac00b363c7472fbb771acf20d1ca91eb40d993cb8961d88b94d31810a57b0939285030b9eb67fee558002bf849dd3d9890c7fe17783864f88e12790a294250335129f3278eaebb86b3a50cc382375f076ef3ac088c2650a11e74d242539d3223f7a56435a273b0ffb06d019a70a8fed3ad92c737a4eff6352bd452eb90018b5653cdfa7f201ac28ae0616bb3b47fcd7c13e19d75b57058fecc702b2cb3b6fb3b0912458ba3483442592422bb0f9f7d55cc38e5ffb1c70066852837dc", @ANYRES32=r3], @ANYRESDEC=0x0, @ANYRES64=r4, @ANYPTR64, @ANYPTR64=&(0x7f0000000180)=ANY=[]], 0x9}, 0x1, 0x0, 0x0, 0x8004}, 0x40) 04:51:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000140)=""/19, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000000)="120000001a00e5ff007b00000000", 0xe, 0x0, 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) syncfs(r0) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x4, 0x10000, 0x0, 0x800}, {0x100, 0xfffffffffffffffd, 0x7}, {0x2, 0x2, 0x8, 0x3ada}]}, 0x10) sync_file_range(0xffffffffffffffff, 0x8001, 0x0, 0x0) unshare(0x40000000) 04:51:50 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501060000005f3f000000000000000000"], 0x38) [ 785.823497] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.4'. [ 785.832332] net_ratelimit: 14 callbacks suppressed [ 785.832341] protocol 88fb is buggy, dev hsr_slave_0 [ 785.832399] protocol 88fb is buggy, dev hsr_slave_1 [ 785.832494] protocol 88fb is buggy, dev hsr_slave_0 [ 785.832544] protocol 88fb is buggy, dev hsr_slave_1 [ 785.876553] SELinux: ebitmap: truncated map 04:51:50 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x400001, 0x0) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e22, @rand_addr=0x7f}}, 0x0, 0x6, 0x0, "d1d9bc788b1f35754bac337d582e95377b1565b51eebcf3705b7d4516f364fb1ca7a6226582a41e66ec9ba4eeb55362d4a1431a1b1b0acefda304dd776073a5ad3563174bd9aa789113935379544d290"}, 0xd8) r5 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r3, 0x29, 0x2d, &(0x7f0000000300)={0x100000000, {{0xa, 0x4e20, 0x0, @ipv4={[], [], @remote}, 0x80}}}, 0x88) r6 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0xd, &(0x7f00000001c0)=0x0) io_submit(r7, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r6, 0x0}]) io_destroy(r7) r8 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) ioctl$PPPIOCGFLAGS1(r8, 0x8004745a, &(0x7f0000000100)) 04:51:50 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501070000005f3f000000000000000000"], 0x38) [ 785.921242] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.4'. [ 785.939372] SELinux: failed to load policy 04:51:50 executing program 1: sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB="0d05c135a264142201000af13a35e50ef83d5a93564106a94e5cfcf66a8538ca16ed8b581429c34e5ca531dd5e480c98e9064ee49cae897559c1ca0241107b49d2bf0f2654bda7598e0f89cf8477cd78f10019a40bf2ded3badb2168442aba7e3a0c9564fa6c5bf470868a5eb69f89140ba0807e6298f3fb575c3223b27755392eaec1a17ef4181d087cd60c244b449a8e9f9937cafd59799fd732b1407f505810d8991b219deaa68de90c8df064b02fbfacc1f9"], 0x1}}, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x0, 0x20000000000, 0x1ff}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0xae9d8214) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x3) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r1, 0xffffffffffffffff, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}) read(0xffffffffffffffff, &(0x7f00000000c0)=""/19, 0x79e2494) read(r1, &(0x7f0000002780)=""/4096, 0x112c) 04:51:50 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 785.993807] IPVS: ftp: loaded support on port[0] = 21 04:51:50 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000200000002, &(0x7f0000000180)=0x2, 0x4) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x3, 0x2, 0x4, 0x6, 0x413}, &(0x7f0000000140)=0x14) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x800, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000080)=0x10000) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000040)=0x6, 0x4) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffffffae, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getpeername$inet6(r0, 0x0, &(0x7f0000000200)) [ 786.116322] SELinux: ebitmap: truncated map [ 786.135192] SELinux: failed to load policy 04:51:50 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x4e23, 0x0, @mcast1, 0x5}}, 0x0, 0x81, 0x0, "e1e5db7864c08ac92371b9f806f48e46d60e568e66598752f01cf2cfb4394937a187577461262d23ded649cbed985c690f938e67dc12fd696b42738f42b60030188431378c0322d4beb7994e0af7b7cd"}, 0xd8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x7600, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 04:51:50 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501480000005f3f000000000000000000"], 0x38) [ 786.227505] protocol 88fb is buggy, dev hsr_slave_0 [ 786.232999] protocol 88fb is buggy, dev hsr_slave_1 [ 786.248808] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 04:51:50 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 786.370973] SELinux: ebitmap: truncated map [ 786.417685] SELinux: failed to load policy [ 786.467207] protocol 88fb is buggy, dev hsr_slave_0 [ 786.472376] protocol 88fb is buggy, dev hsr_slave_1 04:51:50 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855014c0000005f3f000000000000000000"], 0x38) 04:51:51 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 786.612369] SELinux: ebitmap: truncated map [ 786.623827] SELinux: failed to load policy [ 786.709383] IPVS: ftp: loaded support on port[0] = 21 [ 787.907204] protocol 88fb is buggy, dev hsr_slave_0 [ 787.912622] protocol 88fb is buggy, dev hsr_slave_1 04:51:52 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0x2, 0x2) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20480}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_NET={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44090}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x2f, 0x3ff, 0x0, 0x0, {0xa}, [@typed={0x8, 0x3, @str='\x00'}]}, 0x1c}}, 0x0) 04:51:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501600000005f3f000000000000000000"], 0x38) 04:51:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x4e23, 0x0, @mcast1, 0x5}}, 0x0, 0x81, 0x0, "e1e5db7864c08ac92371b9f806f48e46d60e568e66598752f01cf2cfb4394937a187577461262d23ded649cbed985c690f938e67dc12fd696b42738f42b60030188431378c0322d4beb7994e0af7b7cd"}, 0xd8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x7600, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 04:51:52 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000040)={0x4, 0x20}) mremap(&(0x7f00003fb000/0x400000)=nil, 0x400000, 0x7fffdfc04000, 0x0, &(0x7f0000bff000/0x400000)=nil) 04:51:52 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) 04:51:52 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501680000005f3f000000000000000000"], 0x38) 04:51:52 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) accept4$x25(r3, &(0x7f0000000100)={0x9, @remote}, &(0x7f0000002440)=0x12, 0x800) kexec_load(0x5, 0x6, &(0x7f0000002380)=[{&(0x7f0000000040)="737267ee5ba722dda882e9b3d7e003e55e66b304055fe3c00829587f15d67796fb3a29fe418bd9a8032565a7fc77b4fa72c738047ab8b8849abf2d047cf13229dfcf533ff9fe96e37ea110d64d5a286e44d559e564162eaa907559dbab04e90ab2f60100b808ceef4249d2bda5f5520ed25c2abcafca47c56ed275aca80071858bbc0f8295d69049016d89d4fd9653328e397a9b13c82d64d394962c8677b0b9b1dde973cf870a5517e18de2f2e3b76f27310d", 0xb3, 0x1, 0x7}, {&(0x7f0000000180)="ae692241f1d3a24e51d45abfe69f1331727a3399c0e705721d2daa0195066e1eebbbd57d44a91a8ef9108935b7f09494345835de3928d237483f7bd6a8c4188cc3bc3be0a932db1a9c47177e800cb3de3cb01f762e7dde4d5aae501b7c1890a1702bb490785a0a74eae388958fbfd616ca58685dc36d630df53109a054a313dc9df85195c359b5341342c5ba0f9fd99e1f977e88dcdf57b83d9a3edf22279e3e81d9cbef04c2693c05dfa446d1d7eef9989e3f6c9d7cb45bf1576de2d5c05d00a6fd88d39109a443a4f12b13666880f499f8f97516a5a5b5017e3689139c880c13195b9ce5243db4c486a8c6368359f5df549de6a15e52a382428aef22d53b487368fbf22552334cd19de63fceb252ede6b810a8e6c3ac5fc6dcf39034324b47afcaa9c9d13cfc6b273c187a389abd426f5af2252e0f237db5523bca1b26b94ee21fad6b0b843d03d8faf027c582f5656339c4763a7d880c8f5ae1bf089145e816d2f4f106f8ecf77a4314d0edbe21ef917837414d5454e147f733b1ea76b93b60c5706cd6eda5904c34e507b90ef9989997b7be638757a21dfefc72a1f99b3152930ae57638877a96e51c2792f908a223df407ef309214cfd0d09fcc5e7ad668f94d8696bde078e03f47dd389d13812fb19c5c1d70bc15dc73fb15818e25ab21e79c74db40fa33c987f1f465f60f7b17b57eeb581493b6c5f55fb02a2e28742ff924b9ee659672093c58b5dadc8cb8d5746c426aed41d7a113f6f5cec77b3c4727175202a7c993ca9c84a7d6432c89f793d042364e40429cffad1afa6bf126efb2138dc98fd972ed2cc33c8ad0d0a71be0a50bbe1ff6228e6a5c27fadff88a4cf867ab649ddccd9e0e919c75e1cc3b8634a6bb4d90c6a09242544a9d65cdd0caa66f57cea68e24df2d12deaa27e0aed9495a3a995a924eed0c70a8dcbd19abc54d57760f03ea1f4e9357c7c7e54d8d7e1710938625585e228e7019940239b78cdd770b8d9fe7d0c2f86a298bc9cfe77bef8f19bd7ceecfcbf0d95d2779dadd50b4cae881b8d40d59f8df9c0f8f181794a9c01a32c0cc7e1d6d75f416efe9f798a4647f277ea86404c039bcdd991dc20e03fffe81b9bb4597701a7601e0ac8718ae01956305317c26c3c53d5c56c6b4cbc6ce78cc5d0319abbdf525e1aed3edcb8d5dae947a298c8b077c1073300b4f2c29907d93beaa119705dbb569ee8567ed9bafc750e154c34c6cde4903100ec6e5de02e6179f63c93b6d47a4ef9aa6372820c133df1d57791463d9f7d44949e4d669c8b248b0ee598a02d9c48115ccded0d4201af2dd3adfde8c0efcf10c137fef6184bb1de784b304ecbf4850ec43ceea9d56310314e4cff253db7ef5861122cf10518be0c2de0c50462388d0f75d85e3c2f65c8887c5e3831a5144ee07135466cc20b121072305dd39bff9aba9322d30c548178dbb4865ec7f3fff23b76a0c259cac53bfc9936834e550061b486f76cb4b9a96ac7232ab84df4d53132561cc48b50a1f161f2b0df011d956bb81f1e8ac584b99c9b690cca1adb25b2bf129eb933a78a5b33830ff81dab7a64eaba42b4840d38ee32a20a35defcba691e6976aec49ee0ab4a2c905d743529d107e4c45fe0d20159dd1332e55b0152df80c24adcb0872f7821f5fe468c17ec463c57029a6f9e792322223cb865d3f54a561bcd8bf75efee2af90fc93a3aa3f9dcf9865068470ce958faa522b1a689353a1d17c9f38158a3c1c9b5870246ae78e4b356dbd92e7810326ef7bd297314dda0b1a636cf4e0d9fb71ac6a2f003c32e0207b2d8a1ce322fb51b167199250187eef926b0444168de4cd6196af45c88c3f15d6ef6e9ac9839e397aa56609f0edbcfdb2feb664a6548038b320eac5e3c64dcedf2c28103ad9bc7ea1c7506dfade8d5c39996926c727e6a8634be3a2791d93b05e8b29007a9a0146b9c35bfbb87954f6c6da23f484f6538ae7fb8236855cd973e7db008edef411fe61eefd99c70bef3d733180cbc85ec62a0fadeec4ad5f6dccbf9e03b18b70771bbabeaebe4e1f1f46f149c5337678b40ec33cad16212a9333ad99a745f3d40df8fbc5c261883b719dbc06c2e7b3d2488bcb3d090094b78dfe0444ffac4c537b11942d9eaec4e82b22e983d3591d0b0d110c871b00337a5e36d80770aff58f07cf1eaa53eff00c42a1577a24a3679501749de2b5e587d526432b8115d9a827be331961bcecfcb7e4a02702e173b2878fcc1940aac9417dfd32d6113be5ca6fddfd97ec518fd931a7be042698ea1b4ce92faeff9aeb6c9599207f0da6bda840039b2fc112d6a16b58095021e4f4c5b6979a7d3d11b0fb1a2edbed328fdc9deebd76b49f49770bb68f2f90ab665130cf5603af41f01b2f32c30e5cfdf7058565fa3036dac7c9e95f1e7f6b79d2aa3ce6a4fa2ab2db5a39b309da89a5ced36b65aa5619f91aa9d08a48fda95b5e45269e1e39895839f88b594356611be795e80daf5bbeb1990a5273385048e1f586dbc5747110dbbab69a0a25822584f272d2412d304dc5eceff67dd17a0364feceadd83f98ccb24dfe2f8ddbda075eff9472fd25acc6c8fc1e78da77f8c0cbba2a64e444598c8a8626d38b021a0de495c8f5b5ae7f48ecd7db171c89179542061bbec6e18a68c6ed8dc2ba5222ec8e427c0d179e9b96c892ea04eb842b8c8352bc4a8c0d6531de07da62e1802ff9bebbae7764ef1140e446029eb817e1d9a39736311e2671969e642c3d59856f5bb9bca02aed4ef8caffaeebf9bc8ffda7c524bf2c6c0e5e7b197c41e67d107d0b95794d453d2d5dbd86ae94d48da9d0b5ac9952c9bff092529b2f9f06aafe30d8a9ea3c3a379d7f2886f200037a96b787e2e7b0f4af37bf09ac76476abf40f7ef4b9380f752e02f2fbf9908d5ba5016cceab768ea8750f16cfadb0e198ab07e14aba9f2a2bbd13a5d8e13d539a02a97e1ca46b367ba88f0e9d0c990d505d87c3dbf77067de0f6d8872b384a0fffadec9de13eb3d302c6bb0764ec0b557652621e05f2fcabc5950034bbb6dd99055caa9c1032aa120e8b3b7d4cae19c02b2eb0ada15dfae409bf26c6eeca03924681a832da326d3507300952eaad88809beaedf3158962a50e1bbe5de82e3e5ee5178a95f4a3d7ed131cfdf765eb1a8092dd0e0a4d82ccff30083d208def1eac3f87609eef8a3f03ddd8aa9bcf36aaae03689703458936408636a4319b123b5695d98edb3ffb1b0c913b4cc019a12133c788f2b57fe76d15efdf6e9ad17660a7883eac71c1f6cf679b4c0be20b19d2bbde95dabb9abd23ce95dd69ea86a3ac98628759da72f0d090c1f45a9396879e2e7cf68bb3c95f2ec0171647a283da1b030e56205d324653cbf25107b441e1d3553482d2708f5411f400331480f453e28926f056c61dd4a0d4ea5d61b281b9e66b75e063099ca5a4a737ba5204796a26f33823ee7b67cbc1df28634bb14c159e8e95618f8cc7a22723e48779f529c6c5a409b37f30f9304728869984844b75f0f8b0080318d870b0ef8bafb3c68950ef0605be69925c0acd590c95391c276852ff2d6e801f599e02a3f3ef198ee2d1d562c6e4413a9a7bba5567f7cd4395c85094dc04354797df25085a89064c6e049adec2c52fb7d93e14da234d5b8717125cddb7064942eb0f3c0d95f90a91919fee6065af4b8655ec87e3be2730051a26aa5696926003c4af2b082e401de086978a18c5337e6e9a7a54def8d61ff318ca44db4406456cf0b33ea6ac2281c64d4ab68ea64a4ebd28f83f9845f19f0f5c026d6c39a50401700f775ba625baf0c657f386950cc22e4f4f0c5e3028a422cd0a402cccb460aef36d49a2d501ea76e997249d3c81fe70cb7a762aea9f8fdde1341c3bf76bd18523f5dc0cbe86cd403b280ff5555ba5134a8383be7bc72c0074a3111a35b56b0aef57eed718335c28e72bfb9981d6a05b52c7d30ad4fc41043c6a51714db4d857c4fd20c9712555b571d42635ac669a29eb6fcc392557816b3789852dbbd1cf7d3aa63d44e2606ee97735bf9b6418a539cc2a1219e53f94d9c73b4ef1c8fcb2900f8c2d0d196359cc17557d3f30256d9ffedfbbbc437b013682a8ca52a0b7e8fd55088f43be6670f0697972cd19f0770662c01bd9f2b7058ce0200695238006e97a4cc6d576aedc26b3089acff4937f77f240a0385000b951776485707d21bf8b8e7e0f237577cb28fde90e4e82ed1193f547393cf3dcb52c57bdec58200ff28dc5dd6f765dfe208330c4bd432b4e32ee59c3cac76a1f394ffa219484d6b86441b9ef2aba79cdcba66b9a97493e2431d2d6b036163a64e4a83d85ba90fa106368fe79eab8924df16aca010f5b24cde5d1870b25a762f5a9a02b62cdd73eaf7f72999b5f58e8d91d0bbc27908aeb25632c8708ff4ada1c7d9551c935ed0ae538fed7cfcd0508ffce76ab9d9e15d60a374d0bcae19405e6a6ef9468ea5944656d057e24e815464ac7703b1d868d17d06fc23b69e2b29119ee8702c65629d3633262159ecdb0d3fd48962bce816b446e065cd6023085fda6b3f64c5d5f3061549744261e49ce796ee13fe8027d4aa4fc8f5a05e25c08f9946be3f241c45255c759024733ede55e74a303760e4b92a36ecc1b850475b468fc0e7c869d30f7e8304fa2fed11f71ed2510ffa6eda8299198e6b390c54d5be31ef099b0acc763fd9fd2254020520c1725dbce3f6123f612f8812ee274a3d557212ad39fe63d06c6f55208c76418e42d2f35e5c93a582232e3c3caf51d5ada1f15d991aecd41c5405730528375df177d374464c14d63b7c3aa418ac6abd9a20149030be1fc0eecc9ae61fb4a2c9352ba5b9c18c3bb9e96bfde8e58754b5d0e6dc7b6fefac14a425ee74daa6879aec413000265bdc262bb42789dff8d28b8b3f067d710d27ac04967f6ff16e8030f4ae85672cb4cc99d8f56cef39623e1da8d497aa563e8b3541e028dfae46295261a6e6a84d45d650fde42cccebcc2620de09c640083237da36f12a95847684cdaeb634522c185216c258b67a742e39e096f72a67687632b5d264b50247531a0e8c3d2ae46ed82befb4a510f32c86c795d46e9cc51328b2cba43060585470b52eb01d378a55b975c296955f8e4accc922b8203667f2f065dbe2edb97247cb920d7d3a7ebbb452c451680e971290703b98c1a7c62df81e97bde5dc726124003b0646beff3b4cd0df05732b9af7fe90670d3f64864fbc77b9093dc463f5128f3d4a446e78ad272268a4b3668c114d5b267c389e09095542ff3af6ca17a7775ce5b2ec0b2bfde82ad708f96549e430be0ca9815318f4507333623e1f5c3d472bb0cf721d711ebe0816e406cee714f354e4448b8335df2879bb48ee342752fe45b8f13e0dde4fa2c52a4e8e7de19062e4998d1d792163b6f1ee552ce7923abce602c6c82de53e65f89e0760122daab2a578ea8e2573d92392f47105012ab117afb595ebcbb8ccfc840d6be5db2d2210b4c810754fde2f52cf9c8541299a49be27deb0318a81366251dae8750c6c24ab442077bbaf298856bf1f4a9131fbc976a2756c5a43f57311fe30c72f0564954f5b4a785bb8d1ac654b44af71e280bb7474d1f5401257e49c502d3b3c6bf0a0946454eaec45bc11c803f674f8c8d9813974b917f41c024f457a192aa7216e3043d21a8fd2f0ab5cbc07fbb5c5944b59a8e37741d5270cda708c2d1cde3bf841b49be181a64e88d10e5a1cbb19e543c1cb8affc095cb836c2af49fd6fd15cdf74bc0c13420448b4f4cca712ee50dedd2fee3259", 0x1000, 0x5, 0x3f}, {&(0x7f0000001180)="cfaf3bb9b6fd83b7ce12deff788f1cbf0ebf7ea8174cdc12ef9e3e25531ce167d4dc0839fa20bc10f345e445d0070a1a8957266d6a9920a37a4d66eddf7a41e77e81865b76bf1e9bc9517ad4d2a1eb377c542aca4e683885082aec3efb22528403e3849dae70918abc4b9d5078f6dc906048a0a8593432765db0deb34c170db884da79a25868a4ad4f23c1028e5de387c2671d2256b0170649c655e838fdb79f1751d7abfca3a0a6ded27ff07298292308ee8514ed23bf83d8", 0xb9, 0x8, 0xb614}, {&(0x7f0000001240)="239955ae132210ad0f1d625f02efba00366fed0219606811ce207286e9ec4e8af2a3f969114bd35443173bd4f4c32737a23d37a842ef21e810b8cb6e1348720c15be5c9d6a6b71df74dca75c91c8e864393d534aedeade520d530736dc743e64ada32d2167c94cc5c363f0e817df1be962982ecb24e90d39632228fdff81d590c25f9f346702261047aaee0939c9a57e24aac77c", 0x94, 0x1, 0x1}, {&(0x7f0000001300)="71b54f3b3c50a634cc805d4240583b4059cb930afb024a17e7dce14ff4a63b295e6f2605f14df1b2f0356fde924a6ccecacafdaa11c950a798c9c9e3d714ee3583f73d706907f59421c76d177beb53d4c089eb447046bbed1fd7b07441a108e9133823a8f51721c00becbf530d90e3ff3196f74c1b6d1e2b57f35dcb26bbc30c3b3f9ebe7990b173005c60a0b3460ee1a52c854d6b80f4501176eb146bdfaa8ee7b65d9a90ecf889b02085d51edfe1f07bcee78b3f5cee86ba9d8df60b441fd8cd0604eef29f2a0697010a5c63ee1237eeaeab13fe7e473d08d2d6a6f431ccd4e89075877ea90119fc6cbd05e22b04635dc97ed448d1d4bcf5bf8364a406bd81749103a9400b136c5bd40db21459fe9de90ff3758e59310e08a988973d61154b349fafd9da030d64a13e034eba8ec7dfa4acd613e56b8fd83071bccb54526907981b45d17db2b48824edf39431404c743dade47c6b8c5a7998054c0ac6ec7cdd910b273bbd67234c4e677858ce75d47e47c416d6f50d24da44e56662ab7535914f5457f9db7851a5eebe107f22d6d2c955029586f77747518a52340c9c57e7b4c077ac75bf04aa185800fbff028e9e2d67988d4cb099b0972aae2bef3bd54b76131524959f626c9b96d800edf8faff1f0e3df4060752083cd5b7739046503d9c2991a7152549519c80200dab9bb858037625c81dc96ecbea2ab4372c192a9e10781b261b3fb343b331d266e0f66cef21bab1e44e972bea657aaedc448e8997624b8d3c15dd57a5f7d16c9a71ae1c7cfeadcdce7bfdc41146c8c467014e3b6457a1044c0a7be7919f20db5fc6041ef7e72b43e3c2c82afec9172eea00b6bd3bbe298de820cc12c026f9f5478d62012cd6a92415233e077f0a292fb76dff099e33ee6dc90824e7c0140fb4c3f8ac1744ff5b4cff69c32b20ea6eb8a2e893100c55c19273ff8eec0c6918f869aff7f02ca73eabbc1dbc7bf1c9f008743ca10a78b2658a418363d259bc83ea0238801ed47c0d0a614003be8dc38ef3a427a8bc063b5facfc6d96b9c60899365727d75432e2c9afdf12951a9963126c35788a45473fbad4bf590ac1f77b0aaf8a550bfa1b1adf5fa766772e3afd51bec872241545bc27bfa0d6edc2328166840b3f32a0c08610f7a03a932495adcaa8128ea27af0648f23544d24fede0db385c9492c529ec12120d894dc4fa4875ea44004cdc1a06c792fed23cedb96599e24e1ff59b45b25ce1c027779fe20c9d0828c84ee774d617658fdf0264b6c20492c7e71fbc7e943dfc481af73b3c0f085cc7f184b151edc1ba11e7c1b77b444d7614cd429e0844a03a50ede8be866a56f6502309b74cebdb366e77984dfc73f30686142b17589bf767c61369187ac9ea2ea4cadaeb5af24d165043cb955637b829f72c6fe7b865c3ef433f3e5de0b515bcd42f47ebf09f25a75249e174032f2630d6c37072973aed7472070f2bb58212a359fc52a56712e2f04f547c8e4cad0d652acc16d243453fa1bc6a829f5fe0739da1551906f3dea18b70cc584e5c116ced753ad46fb7e678957401ebbf0e908c2eab1e274cb6317dc473b18481f03d559c5843671bce25a1d5d7d844eb84111087a686f88f116a6b20b32e0cf1ff6f2356af33ba16b76fb2e44d3fbb5379235e4b12eccad5f1f8a472bcffc960552e1cce593833643fd4a1ffe63e6a61941cb73c2610291649eadd7ebc6dbf04c0f609ab6f26532c84b77e2c989258104eaf16fe7d5614c50a8772d4085851e519cbc5266e3f8c4f2b50b70d0cec768da3fd133258805d60ad047efb1f3c1e0f1482449c57c3ae4ab66479d1792e11a080922fbd8490d417fdbd93918cb83424c77dc0b2c6e1fe4ffd37e399144f90555a859c47a79547d74609400f6895d62effe973d9101eda6c2520699f7caa2e01e49d3830350ddf38e3a383b49b04ae0b26bf3b74d40bddd8fe5427684adb346821d55942238a94bb6790a1abe346a47803aa79613ba9b104977279d5346c60465cdc09a47f996b692cf051e8291f8fa934545bbaefa5b1f4c2140ab20c0ac4c3b8cb1850ce96045d6af76790d2131c23d73dff054c1bbb6ec896ccada6340da1115dfe2273be1dd7f2ac1cfe0bab071ee24341eee59d1283593883cafeff839de422288d17e2e0ee3cfd0ad8f4ce93e1d1e173380f9b1e55b54d3edfe8f7faa4696b7894cf518afb36819ae849117c1e1483a8a5d1afb83ca3f52569b4f5c0beeea19c658d91cd59423a4e33dcefd4e68d12bf8364178cf03d09e8833e96f3c6d405965808580acafb4ac7cbe96e1e21211ace0ef3a5706663c12805bb9a30639d4962857136a134ebe14466ccb76971053f4a740e3a5ce80097326e1665d6045887482ab654a0b4e3390dfaa19caabc57b9b98eef5409134f9595d5ea14ce8e39b07306d906f268263fd88e73808cc4f11e67709425a1c2831cdd4f69170ea034e7c5959c44aaccd933c77fdba325fd0034a4ad662dc4c547a5805a3db6fe8042409e54cbb063147c0dab40cac86fd8bc00e071c55b4710c2defce1076f30380e892d995828a1584082cbfb3da80cbb9a7316e7cb127e1fa2a4be338a9131bacd3b82260bf664c2c426c92db206eaea7aa3d80a9509e0f8aa09475b20537d78e3a0550803c1782a04bbf4f7cf4ca618491891ee2bb6a2b13f751c30fa0b0eaeb340c842afc7cd7e23f762a4cdffbef7d15e0c39776f76ae7ccf8a68b65d0cb4069176e219461192e140969b03ec84d5eddc60584990b0c5e55cd87aa4cf9e9f499fe9ee8cce9cecc6d34a30ea981ff54d65354702a6efe0bc5da81369a7e8aeaa4a508afb38e1096334b8b0861d8f125abe49013f4d59323f53190bdc3bf972c919e92436c186e1c5a98db979bd6022e4ae0b8e0a7da5352886bfa74b9f8c28a3c451bf07c9b8a2082a7fcf0423830775fd8e69b5039779ff0d30622f4b491e1998958a95d8fa60bbbfa2b9de91b0140e0f1a77b31e79cdfb47f1c82d35a4cf0ca330ffed85f81df5b4d24c29b4454f6a56d8549312273d77339bedffc9e11f83b1ad514fa6b1d942ca5d6552662923325bf6a9f267f47163496117aa9eaeada97dc389db44c8c8e8cb0367489b3389d6b624eb0996465e9cc9d3c531f7a358db742478b0446bbc10ad18c1d8b2e0bfaa17aeed940d3500adeee8f5db1afbad4ebffab67db3ebcbd200c464cac328fdede4be5eb54810e1a09592cf166c11e79992d90f55e0023c7b4d4dba9886e8513c7298c8883fe4d6775b7f77ce384b99e357a4d494fcd5db6501152337c8548d370b34f5d4b99c3bbed569d8e602d3c7ff3b931aae6fc060adb68d0c1555385952ce35fbb86aae32163c19d070cd11f264ac53e6282622f5cba688bc909d1e50cfed14f65b3496bafcf295e9ab69ec43c887f0307d447a67b0333ed985fc858b829aa97873bdc6548e010de8068420e65ec471f290572ab8983c77132e8579294181886893bc4d62d2301623bab604273a2bbe28ac71b04b0a91c19311d80fec616d62402f63059b213cee02cce7619400725a5ea5517b59081093a6f59a02dcfb4ae96225f452589b5c697ac1d7872f8f64d6c7a4d6eaf2323730a6bbab31ffb409fb22a016b5e79953b7e27a371631e126512587151caba9c19c5a0fde3d890f28aeb78b74ed92390d147edb2076fec78786302ec5b2ff607795ffe675153e76483cd26807a20fc3b6c269380ed7f1733be27ccd4f5c73db93f5839de0f00690602a5e63cd5b5b7c8b5dd44c2cb5c225219c2cb003e69ee56cc1aa1d2e71523156f1b53414ce6974e0a55e14df1a9f1418254f417e2e721420cadc79b6982ee5793c35011a15260089f4a448c35475cc727165ee9bda3317a47c4fe7fff57e7e0270514ac3bf378e967fc16d02e783ae1ecea1f6d14c58658e923078e60aa3fff72c5cb6a9c2ee9269283e459437bc5aced4b4a6eecd4b23aeb3a21605615de5a44fd06dfb2587cc060c629e5ef41d73e872bb770bc2c694b21590a55af6c0499003e532bc25ca9a92c767750b7b7c38f9ef2c6b6740bfa2fd71ef41f41e54d385e64b783fa753950346ac6bf86cbed15f4792b27a442d5d01715ae0206004640c047abcb215c3df5b0bb3cbd97ae35e4534bf5b49a8c05c81ae859ca0a9eccd6a1770d65c4f95745f45b7acf0f6609dc471a01504757c2ff1fcbab34d287d5d5a13eda9ffa034be3e013ba99bb90cdb496f545b340fe0dc9946953167142462e168dcaa8546c735bd9e17a9c433ce067e42fda5b52b6f6abd7ff5cde28e6a2e5787426fbd35ca59636698c499cc597871e9bca3e1626b1b197c46c3becd793dd3277870e4419f7b39c27e682a2c9b89a3dcec522e4630199da92e3aae4b657ae628a22e7c96f40382c4e27816fef732a3eeb946be152ddb2e39bcf187e876c7126c0510cdcfdc1c1c7833c6c923adc9aa5d9b125331d99ac5a9f257adf820b8dc71e7a97851dd7104f3eb920662512ac5318b9fd96dcf956bb51b9209528a1c0cfcc03438ebd1cd710089a6039f7164539a4636895ba01d0a5f2c2cc22f6ca8da96e9a7c7143922e26b24c98b3eaba94fd6e12cf6638bd8a3b19f1c9992496cf5a7c321b68f8c6c2a6d92b1e72949460f0e28e081243c23f757bb462b26752508238702742e9050001b84d4d881a2825396d8b09e2f49fb143fe05f6cc8b1d2a4a6fad6c91762f51fbdc50a183499fbbf4916044b276943e789aa6e5d98aaae0a0517a00155c4d6995f06212231f98449982f836ad4fc7295b33dd872cafeee5ef09553199cb787035c7f5139343335abd702e3ee08e37acfbe8e3928270952097abb8647eb0ddfa72848515bbb6c093b87e8f37c3ee68f96a5994688c6bbe12eba6447b5a3f8525cd32a271d759b73fb29683774f88edf4f60427dc46862f75a9f0285edece0b353b6cb248980f0cbf06d5953ebe4614aa44d5b55298fa2a7adca839342ca42e6e4678d68978cf09ea1b4f30cca76ec1e1abffa335bd3f6a36d8fe4752026988b79af04ac3c8bc449a6a8489b87e05e924ccadec20d45df0c963130d860d2ed87fc5fe98c086993fb3209022ed6b9e40c4ba4ef2c2e3ca77b549be39b5b025d16d1ff337ea22baf18e107aadcdb60c082469f1ce8bf9c50410b8bf7dcc9352e5fe93e87d7a4dc3360d81ba486c584a7c0f34a103e1ea272166d1447f7257d742d4d3e26a865c3b0bd2ee5ccd9cc77f49b88c562e6acb1364231eda6658a60427944892db04580095fcfd7f1126cd38f169c09d4a20f844cbddff04a25f741049b4773271ba162221d44e5b165b7c777b65d560e692caa49cd4de816c1b5c965763e8fef51b78aba77e9395a5cf1025fae9c000986cb1198fd9b61e93be89c445d2e94560dc2cd484a3db3c67dd0d033a2da95dbd6dba9349ee080501fafc103310d71845a00a8ff2ed3775e274becbb91398b7c831e51c69992f53ab8be63161e69de66d6556782b6898d7c74bf8736547e9d355ea51740a74c680a1f0b7bc0c0adcb63f56a621ea3d7e43c960c1320429fd98de49056aee807c2e27d9e3879c78eb8543872a89e316f8318832e9eb15bb6f7ac84410061bab24695ce3f914e9dfa8ef6851896457fda5161113a76d2d83c8261a07b447e5850653b0aaf146a82731b5b0de642c9e884e2d4282eeacbd459d5bc5f42bab43b98007bf940c5a72eeea5a75a2488b3855536db8300ac590c2bd7d66828636be9224d811000f964ac71c627170c56958426f3996e24776b83cd6", 0x1000, 0x8, 0x3}, {&(0x7f0000002300)="ab183976995ca5557cc7534fc39e44c04111bb78e58c6bde9a340acf9571a90f18ed39ff8c6e414001ee0785e9601f53faa8120de6401c2aa5c1ae0366e029c9b5802aff37", 0x45, 0x7ee3, 0x8}], 0x280000) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:52 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15a6da3e65877158, "1f42d60f8121dbc8f082e86c06c4076d630e342d13503c6775328776eca1d5b1c524935efe93c27b7327c299bb44ff9e13e99456501f2a04e31543690bfb71cd", "b3fe3efc5c3d2674619331303e544c52a1934d40b72d5e924b08b76a16bbe6f0737a00b081c7d396516270e421e25b0bc157f28522de52b1bba313aa4baafcde", "13546504b75a0dbf9ee6f6783bbf580537d49a084e583900f59f913d752212e9"}) [ 788.550835] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 04:51:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='\x93\xa9nk\xd9\xa9Vg\xff\xff\xff\x01\x00', 0x290480, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'eql\x00', 0x809}) ioctl$sock_ifreq(r0, 0x400000000008923, &(0x7f0000000000)={'eql\x00\x00\x00\xa9[\x00\x00\a\x00', @ifru_map={0xfffffffffffffff9}}) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff8, 0x20180) write$uinput_user_dev(r2, &(0x7f00000001c0)={'syz0\x00', {0xc0, 0x4, 0x10000000000000, 0x2407ae7b}, 0x4d, [0x1, 0x507c, 0x8, 0x326, 0x1, 0x3, 0x5, 0xbc, 0x4, 0x6, 0x7, 0x7f, 0x3f, 0x10000, 0x914e, 0x8, 0x6e01f0c2, 0x2, 0x9, 0x5, 0x10001, 0x8, 0x200000002, 0x4, 0x6dfd, 0x4, 0x7, 0x400, 0x1, 0x7, 0x8001, 0x400, 0x100, 0x1, 0x5, 0x80, 0xcf65, 0x5, 0x1c, 0x5, 0xff, 0x1000, 0x7f, 0x200, 0xf, 0x5, 0x0, 0x0, 0x1, 0x1, 0x2, 0x7, 0x6, 0x7fff, 0x0, 0xffffffffffffff62, 0x7c4, 0x2000000040000, 0xfffffffffffffff8, 0x0, 0x9, 0xe93, 0xffffffffffffff1a], [0x16e77102, 0x7fff, 0x7, 0x5, 0xb1, 0x86, 0x8001, 0x0, 0x6, 0x1b, 0x9, 0xffff, 0x5, 0x1ff, 0x1, 0x7fffffff, 0x8000, 0x1, 0x40, 0x0, 0x2, 0x4, 0x1000000000000, 0x0, 0x200, 0xfffffffffffffffa, 0x4, 0xf3e6, 0x9, 0x7ff, 0x10001, 0x6, 0x2a2, 0x5, 0x3a, 0x1, 0x1, 0x6, 0x3, 0x5, 0xac8e, 0x100, 0x1f, 0xdd3, 0x80000001, 0x0, 0x5, 0x3ff, 0x1, 0x8, 0x9, 0x1, 0xe6, 0x7, 0x9, 0x81, 0x40, 0x6, 0xdbecdf9, 0xffffffffffffffc1, 0x7, 0x5, 0x2, 0x80000000], [0xaa3, 0x9, 0x80000001, 0xfffffffffffffffb, 0x9eb7, 0x10001, 0x6, 0x2, 0xfffffffffffffff8, 0x0, 0x5, 0x8, 0xba6, 0x100, 0x1f, 0x7, 0x800, 0xf8eb, 0x3f, 0x53, 0x3, 0xffffffff, 0x0, 0x200, 0x5, 0x8, 0x7, 0x6, 0x7, 0x4, 0x9, 0xbc9, 0x0, 0xffd, 0x0, 0x1, 0x6, 0x0, 0x6e8, 0x3, 0x4, 0x7fff, 0x1, 0x8000, 0x7, 0x4, 0x200000000000000, 0x10001, 0xc6e2, 0x8000, 0xb4a8, 0x5, 0x9, 0x80000000, 0x4, 0x2, 0x1ff, 0x1, 0x80000000, 0x4, 0xd085, 0xe2e, 0x7, 0x8d32], [0x1ff, 0x7f, 0xf91, 0x7, 0x776, 0xff, 0x1, 0x0, 0x8000, 0x1f, 0x9, 0xffffffffffffffc0, 0xf8d, 0x101, 0xf4, 0x2, 0xbe4, 0x4800000000, 0x1ff, 0x7, 0x5, 0x2, 0x3, 0x5, 0x2, 0x5, 0x81, 0xe1c, 0x7, 0x3, 0x3, 0x0, 0x0, 0x4, 0x2b, 0x1f, 0x2c, 0x5cb, 0x7f, 0xfff, 0x7, 0x20, 0x1, 0x7, 0x5, 0xff, 0x0, 0x9, 0x4, 0x1, 0x1, 0xfff, 0x796c, 0x8000, 0x5, 0x0, 0x1, 0x7, 0xfffffffffffffffa, 0x40, 0x5, 0x0, 0x80000000, 0x5]}, 0x45c) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r4, 0xc0845658, &(0x7f0000000680)={0x0, @bt={0x280, 0x80000000, 0x1, 0x1, 0x80, 0xffffffff, 0xc7ef, 0x40, 0x57, 0xffffffffffffff00, 0xfffffffffffffffe, 0x3, 0x800, 0xfffffffffffffff7, 0x1, 0x4}}) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r4, 0x408c5333, &(0x7f0000000740)={0x200, 0x70000000, 0x7, 'queue0\x00', 0xff}) timerfd_settime(r6, 0x0, &(0x7f0000000140)={{0x77359400}, {r7, r8+10000000}}, &(0x7f0000000640)) [ 788.637623] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 788.643083] CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 788.643092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.643098] Call Trace: [ 788.643115] dump_stack+0x172/0x1f0 [ 788.643136] dump_header+0x15e/0xa55 [ 788.669253] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 788.674374] ? ___ratelimit+0x60/0x595 [ 788.678277] ? do_raw_spin_unlock+0x57/0x270 [ 788.682710] oom_kill_process.cold+0x10/0x6ef [ 788.687228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.692777] ? task_will_free_mem+0x139/0x6e0 [ 788.697284] ? find_held_lock+0x35/0x130 [ 788.701368] out_of_memory+0x936/0x12d0 [ 788.705376] ? lock_downgrade+0x810/0x810 [ 788.709540] ? oom_killer_disable+0x280/0x280 [ 788.709556] ? find_held_lock+0x35/0x130 [ 788.709583] mem_cgroup_out_of_memory+0x1d2/0x240 [ 788.709596] ? memcg_event_wake+0x230/0x230 [ 788.709615] ? do_raw_spin_unlock+0x57/0x270 [ 788.709631] ? _raw_spin_unlock+0x2d/0x50 [ 788.709650] try_charge+0xef7/0x1480 [ 788.709665] ? find_held_lock+0x35/0x130 [ 788.709684] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 788.709697] ? get_mem_cgroup_from_mm+0x139/0x320 [ 788.709712] ? find_held_lock+0x35/0x130 [ 788.709728] ? get_mem_cgroup_from_mm+0x139/0x320 [ 788.709752] memcg_kmem_charge_memcg+0x7c/0x130 [ 788.709766] ? memcg_kmem_put_cache+0xb0/0xb0 [ 788.709784] ? get_mem_cgroup_from_mm+0x156/0x320 [ 788.709799] memcg_kmem_charge+0x136/0x370 [ 788.709817] __alloc_pages_nodemask+0x3c3/0x750 [ 788.709835] ? __alloc_pages_slowpath+0x2870/0x2870 [ 788.709863] ? find_held_lock+0x35/0x130 [ 788.709882] ? copy_page_range+0x124f/0x1f90 [ 788.709896] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 788.709914] alloc_pages_current+0x107/0x210 [ 788.709934] pte_alloc_one+0x1b/0x1a0 [ 788.709949] __pte_alloc+0x2a/0x360 [ 788.709966] copy_page_range+0x151f/0x1f90 [ 788.710003] ? pmd_alloc+0x180/0x180 [ 788.710016] ? __vma_link_rb+0x279/0x370 [ 788.710032] copy_process.part.0+0x543d/0x7a30 [ 788.723745] ? __cleanup_sighand+0x70/0x70 04:51:53 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000000040)=""/239) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r1, r1) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000000180)={&(0x7f0000ffa000/0x4000)=nil, 0x1, 0x3, 0x92, &(0x7f0000ffb000/0x2000)=nil, 0x1b8}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x6002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x60c) [ 788.790900] _do_fork+0x257/0xfd0 [ 788.790919] ? fork_idle+0x1d0/0x1d0 [ 788.790943] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 788.790958] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 788.829129] ? do_syscall_64+0x26/0x620 [ 788.829144] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.829159] ? do_syscall_64+0x26/0x620 [ 788.854602] __x64_sys_clone+0xbf/0x150 [ 788.871851] do_syscall_64+0xfd/0x620 [ 788.871881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.871897] RIP: 0033:0x457fda 04:51:53 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x8792ec048722f2bc, 0x0) ioctl$NBD_CLEAR_QUE(r0, 0xab05) setsockopt$inet_udp_int(r0, 0x11, 0xa, &(0x7f0000000040)=0x4, 0x4) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x1, @multicast2}, 0x4}}, 0x2e) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r3, r3) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r4, r4) ioctl$DRM_IOCTL_RES_CTX(r4, 0xc0106426, &(0x7f0000000180)={0x6, &(0x7f0000000140)=[{}, {}, {}, {}, {0x0}, {}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r3, 0xc010641d, &(0x7f00000002c0)={r5, &(0x7f00000001c0)=""/201}) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r7, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r8 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r8, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r8, 0x0) r9 = fcntl$dupfd(r8, 0x0, r6) ioctl$KDGKBTYPE(r9, 0x4b33, &(0x7f00000000c0)) r10 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r11 = dup2(r10, r10) ioctl$TIOCGSOFTCAR(r11, 0x5419, 0x0) setsockopt$inet6_tcp_TLS_RX(r11, 0x6, 0x2, &(0x7f0000000080)=@gcm_128={{0x8eb58f113b21bd9e}, "e3f6b0c45c600077", "828622bf652aaee746d0502ec145b7e3", "517500e0", "e2d9955213ab6992"}, 0x28) 04:51:53 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 788.871913] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 788.871920] RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 788.871936] RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda [ 788.871943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 788.871952] RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940 [ 788.871959] R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001 [ 788.871968] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70 04:51:53 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x4000, 0x0) setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, &(0x7f0000000180)="4bd24f998741a7c37fcbb19a0028ea8b68cd5723d1f2a848d2f6795c58a55d827d312ad76bdd34336b0303b64aca3701aef82bf23b4ddbdc7410d301938ba16cbdc8741c2661585e6a954eaf47990d56931007b624340856fcb4e6c0b7d7a74371392b9d559d4ae0a0ba1aff9554cb97f7ee67d8ded413bfae816821ff8ce304bdca5a5c4183f0fb7e0521380a0c0fe1bb007d744fb92836ddf43f2fb256809ef16cb520af84dcf7d685eb515b486eb8c62c", 0xb2) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) readlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/38, 0x26) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000013c0)={0x8, 0xb4, 0x8, 'queue0\x00', 0x5}) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0xfffffffffffffffe, 0xe540) dup2(r3, r3) syz_mount_image$ceph(&(0x7f0000001480)='ceph\x00', &(0x7f00000014c0)='./file0\x00', 0x0, 0x4, &(0x7f0000001700)=[{&(0x7f0000001500)="32ff23e6ab013e4040624c7f2a9686", 0xf, 0x20}, {&(0x7f0000001540)="30cac2d41f217dd2478fe7789977369f20d3ef634530e7de4506c962067577f620c7ab4beda2ed194e443d3532cbf1506a08f0dc89540c6e5b38c9fd1cf092d328b7c043cff27bfb7d62a61097d9dd4a689b859ce1c353e724a4114019df88d9c75794ea2b91edbcc0690755f0d6", 0x6e, 0x6}, {&(0x7f00000015c0)="c7d788551697c9b8de944659aab77eff8be433d03e8af074b260d14d56bd5957e7daa503918df520f7aad02399288bfe1b943c115422815dd0812f6d86804a4413f4c4aae1959e97de18d6f60f694a6a50971c28279226c51bb38a6ba241ba2a487b03dade39bf72a8b80bdd020b88d064fa599fceecc0de2133c19c129e4031abaadc299a5710", 0x87, 0x8000}, {&(0x7f0000001680)="f2fd1f6a39477ca83a70d4d97cba5e55a4ef6fbdb533a90ee53140297183d797d840681f021ec74c6aee9e669be0b1a1289a097281fcd59cd4c2f5006a3e07c6b1babd9587c1fef12a0a99a1a7e3468a7b96529c59059ff3a2b764", 0x5b, 0xe958}], 0x20, &(0x7f0000001780)='/dev/dri/card#\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) getgid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r8, 0x0) lchown(&(0x7f0000000040)='./file0\x00', r8, r6) readlink(&(0x7f0000000240)='./file0\x00', &(0x7f00000003c0)=""/4096, 0x1000) r9 = geteuid() stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f00000000c0)='./file0\x00', r9, r10) 04:51:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4000000000000000018100000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) 04:51:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) io_setup(0x4, &(0x7f0000000080)) io_submit(0x0, 0x0, &(0x7f0000000180)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x2000000000000000, r0, 0x0, 0x22c, 0x2, 0x0, 0x3, r2}]) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, &(0x7f00000001c0)={0x0, 0x3}) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000200)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @default, @bpq0='bpq0\x00', 0x7, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r3, 0x10f, 0x86) io_setup(0x8, &(0x7f0000000040)) io_setup(0x100000000, &(0x7f0000000140)=0x0) io_cancel(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0xffa1, 0xb}, 0x0) 04:51:53 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB="44000010", @ANYRES16=r1, @ANYBLOB="3100000000000000000009000000300003000800030000000000140402006c6f0000000005000000000000000000080008005e0000000800010000000000"], 0x3}}, 0x0) 04:51:53 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 789.353963] Task in /syz0 killed as a result of limit of /syz0 [ 789.370459] memory: usage 307200kB, limit 307200kB, failcnt 4515 [ 789.376778] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.385980] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.396025] Memory cgroup stats for /syz0: cache:0KB rss:228252KB rss_huge:190464KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:228384KB inactive_file:0KB active_file:0KB unevictable:0KB [ 789.474957] Memory cgroup out of memory: Kill process 15246 (syz-executor.0) score 1113 or sacrifice child [ 789.506998] Killed process 15246 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 04:51:53 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855016c0000005f3f000000000000000000"], 0x38) 04:51:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)=0x3) ioctl$TIOCVHANGUP(r1, 0x80047437, 0x70e000) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) ioctl(r2, 0x0, &(0x7f00000000c0)="fd883f821966c4f8ac2fa485be0cbaa96637d56d1a3b3f41cf9732fd270d4895e458968f071e42facccca15aa58f735d53683dca39731f720164aa7f8e77eea744e4e92973f079b48c12b6db16ba40673f0c0a8e0ec44baa84c389fd5df51fde744048bf35d2d4ca1141b2754569945fc992d41056ee2ba4b6444b70") 04:51:53 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@initdev, @in6=@ipv4={[], [], @multicast1}}}, {{@in6=@ipv4={[], [], @initdev}}, 0x0, @in6=@local}}, &(0x7f0000000180)=0xe8) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1, 0xe40) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) 04:51:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x0, 0x0) dup2(r0, r1) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000000c0)={0x3, 0x100, 0x0, 0xfffffffffffffffc, 0x6, [{0xfff, 0x4, 0x0, 0x0, 0x0, 0x904}, {0x9, 0x9, 0x0, 0x0, 0x0, 0x882}, {0x3, 0x8, 0x8, 0x0, 0x0, 0x2}, {0x2e79cb86, 0xaf, 0x8000, 0x0, 0x0, 0x401}, {0x1f, 0x7, 0x20, 0x0, 0x0, 0x2}, {0x0, 0x7fffffff, 0x800, 0x0, 0x0, 0x1200}]}) r4 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) connect$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x8, {0x7, 0x1, 0x1, 0x3, 0x8, 0x2}, 0x1, 0x4}, 0xe) 04:51:53 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:53 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x1, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) ioctl$EVIOCGUNIQ(r3, 0x80404508, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r2, 0xc0385720, &(0x7f00000000c0)={0x1, {r4, r5+30000000}, 0x7f, 0x5}) r6 = openat$autofs(0xffffffffffffff9c, 0x0, 0x800, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) ioctl$PPPIOCSFLAGS1(r8, 0x40047459, &(0x7f0000000180)=0x615bef8570dcd0ae) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x14d114775de95e04, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x200, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r6, &(0x7f0000000a00)={0x8, 0x120, 0xfa00, {0x4, {0x0, 0x3, "a11fd9bb777ed6d2de013aa84c1780812dde64019c3679140f98742d991c188999137e2c0c273c01ce5ee4a98e9a5f9621977495adc63b5e42cfed5f869c9b9c3762653da39cff6f836d3d8c2f820218e7f36d69edfe4f612f003ba171580d5d229a27995ec89a2ae6ea35537a994f882cb14b30ea1e81f4ffce42d406d795b1667439abc3912178aa17fed740c80915b5df43ad2e40db2e0c07023314ebb582148f97bf4b7f329a3f160dfa8dc19707f955096b143bd08da435072e87ba883dfc7fec35c82353166a54e432bd274068adc33e99bed553bae5b0410241e3d969c47980bfb66acc42eae3297dadf62b3f5d48f2bbbae626416b7f89ba77f540b4", 0xb9, 0x4, 0x0, 0x2, 0x100000000, 0x1, 0x3}, r9}}, 0x128) ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0106426, &(0x7f0000000b80)={0x3, &(0x7f0000000b40)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000c00)={r10, 0x3}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000080)={r10, 0x1}) r11 = socket$inet6(0xa, 0x6, 0x0) close(r11) [ 789.542583] oom_reaper: reaped process 15246 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 789.562423] SELinux: ebitmap: truncated map [ 789.567532] SELinux: failed to load policy 04:51:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/drW\x1ecard#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:54 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x40000fffffa, 0x80002) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045510, &(0x7f0000000000)={0x3f00, 0x0, 0x0, 0x0, 0x0, 0x7ff0bdbe}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(r2, 0x770a, 0x0) [ 789.713764] SELinux: ebitmap: truncated map 04:51:54 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501740000005f3f000000000000000000"], 0x38) 04:51:54 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = memfd_create(0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9}, 0x0, 0xffffffffffffffff, r2, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x80, 0x0) sync() r3 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) dup2(0xffffffffffffffff, r0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) pipe(0x0) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x70, 0x0, &(0x7f0000002000)) r7 = dup2(r4, r6) dup3(r7, r5, 0x0) ioctl$TIOCGDEV(r7, 0x80045432, &(0x7f0000000080)) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, 0x0) [ 789.759862] SELinux: failed to load policy [ 789.894067] SELinux: ebitmap: truncated map 04:51:54 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:54 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855017a0000005f3f000000000000000000"], 0x38) 04:51:54 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) connect$rds(r2, &(0x7f0000000040)={0x2, 0x4e23, @rand_addr=0x4}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x39, &(0x7f0000000440)=ANY=[@ANYBLOB="11450000000000007fc47fc6cfc164408127f0795d13819f93a1e90eef7be3fcb1fe17f3455400f9088028eb34f1a1abefb0ad33c5e7d655190a66cc192e81ff39e828d910eaa5bee7c14e03afbbcd1d37cd099668a7d7da1403574de9699d4c72b78e0f6f16a7bc993a64647b0368084ddde283d19f172a41d7388fc295db646bcc601e27feab727861ab3f16bb14e42031b61e1e47f90b16eddede63d4bd1881847b895e08ec3a85f9b08a52eb3df28244665d2440b5bd94bec60625d1fb3c02afeb86c892da5071475392dc63050200000718000000790407000402000000000000000100010000000000050200090346200ca21a0d77ee5fc0bccde1845b87e8eab9b5bd010cba011e3f4be56898643c6064ed494a001114d559042c098618f5f299758ab152585acc7b19d925a9190b6fb48373226aa55f391cafca8f0401ffc2040000000101d87f84d3ec44e16777fa616760a7699fd03ba8179875455c9b6cdcf1d58b1750189073b71fc3d1a758780b93152ddf84486a6b49bb675a6d1bcc8ace7fe674699910defd8bf1b7e3aeee93b3b3f4bb1cbc0016571ce5298577d5160b3c875033f6d427a094d1dd66d3451e9e6cfc18e36d22341d16b1a25e82955874e3bbc2141b3305122204d46ace004baed1cc0fab791378690b43186bd39edfd77e2ae9fa06c99e7440f1bb244779e2dfec08f7b89ebc2cce26052f3b97e88f95f0e927573dc9df7694e18898bf0853a102b96be12d72fd671be395abf5c20400000000c910fe800000000000000000000000008f6dd4430210342eac1649f050bf53f80f756b8233cebc95a47dade99dfe4ba3aea921e99febdbc4742809337224b6071459420d9983cf37298c115998b95eeb11647d9709263e58fd03359d52d03863e9e959a704f563"], 0x238) r4 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) msgget$private(0x0, 0x62d3961baba1c858) 04:51:54 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000100), 0x10) listen(r0, 0x0) listen(r0, 0x0) syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x1, 0x700) [ 789.915843] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.918782] SELinux: failed to load policy [ 789.923045] bridge0: port 1(bridge_slave_0) entered disabled state 04:51:54 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000300005f3f000000000000000000"], 0x38) [ 790.029084] SELinux: ebitmap: truncated map [ 790.034642] SELinux: failed to load policy 04:51:54 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x0, 0x4) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4040, 0x0) ioctl$VIDIOC_G_CROP(r3, 0xc014563b, &(0x7f0000000080)={0x1, {0x0, 0x8, 0x5, 0x9259}}) r4 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) socket$netlink(0x10, 0x3, 0xd) 04:51:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000280)={0x0, {{0xa, 0x0, 0x0, @ipv4}}, {{0xa, 0x0, 0x0, @remote, 0x4}}}, 0xffffffffffffff2a) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x20c82, 0x0) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000140)={0xfffffffffffffd4c}, 0x38c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x20c82, 0x0) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000140)={0xfffffffffffffd4c}, 0x38c) dup3(r4, r5, 0x0) r6 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x402, 0x0) ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000000040)) dup3(r0, r1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) 04:51:54 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 790.377860] SELinux: ebitmap: truncated map [ 790.396631] SELinux: failed to load policy 04:51:54 executing program 3: capset(&(0x7f0000000040)={0xf1504}, &(0x7f0000000140)={0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x800000000000000}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={r3, 0x4}, 0x8) r7 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) 04:51:54 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000500005f3f000000000000000000"], 0x38) 04:51:54 executing program 2: openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 790.665703] SELinux: ebitmap: truncated map [ 790.705561] SELinux: failed to load policy 04:51:55 executing program 4: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200004) socket(0x5, 0x2, 0x0) syz_open_procfs(0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r3, &(0x7f0000000700), 0x100000000000000d) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) accept4$packet(0xffffffffffffffff, &(0x7f0000000a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0, 0x0) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r4, &(0x7f0000000000)=[{0x0}], 0x1, 0x8000000000000000) 04:51:55 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x102, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) accept4$bt_l2cap(r7, &(0x7f00000000c0), &(0x7f0000000140)=0xe, 0x80000) write$input_event(r1, &(0x7f0000000040)={{r2, r3/1000+10000}, 0x16, 0x0, 0x2}, 0xfffffffffffffca6) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100), 0x4) 04:51:55 executing program 2: openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:55 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000600005f3f000000000000000000"], 0x38) [ 791.027862] SELinux: ebitmap: truncated map 04:51:55 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000700005f3f000000000000000000"], 0x38) [ 791.065377] SELinux: failed to load policy 04:51:55 executing program 2: openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 791.225578] SELinux: ebitmap: truncated map 04:51:55 executing program 1: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020185ffffff01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r3, 0x0) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000005c0)={{{@in6=@ipv4={[], [], @remote}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f00000006c0)=0xe8) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000140)='./file0\x00', 0x3, 0x4, &(0x7f0000000480)=[{&(0x7f0000000180)="6597ab90e34c9ea569a18db54b9f5beec5df1794dae4daba9a67994852ba8c74d9416c549c8b71a34c7421b07820fa40c6075feab45d885b3187e6ee88fe3f0a0d184888e244d3f5b6fdecfa8782d12c675dbe0c10548f311f9ffff20fe5000f9052f6c0ec857d6304ffcd0d583592ed5dc7a72c3a318ec50fbcb851badffd6dbdab8ec24cb95cdef41abeeb6941874d4f4db69a28fd6a82456b90d673540c2d6e4f8511dd31244c33c817e6623dfdd01447f4", 0xb3, 0x100000000}, {&(0x7f0000000240)="0ed7d98ba808f5df192a7868c676aa1560a65fa1d08f5492bbd52d83a50dd0e84abffd5d3ca29a90a8120c5eadcd52a5738405543e72c4489a5f952e58069933ce3e440913c47c8f6ad968325b34534a9efaf3cd24abaaefa9fbb4901008f401e01450b16522c48dfdf018e527372ee39b2c915d02891e47d8ae7e208d9ccdff0bb1f03eadedb603db1985124b826c2d8e80778ccb0cba3bdef40c0f2defe5eb8900019036ee42e064aed2fa4036", 0xae, 0x1000}, {&(0x7f0000000300)="fba0c8e43e1bc4fe22e3780965a028c6e85b712dbcd01407426c11302a3fa71f2707e0c336c310895d5fa54202f9863a8a6238031194a901c7bca4fcafbddf2f37b38e4cfd4f6f17630e8cabcc3e2b5360", 0x51, 0x7}, {&(0x7f0000000380)="bd2b149b64a9e5d7f5639e0158f194cc6acd58c0df8e24257fe11b523a56323bbde8e7bdd1208ad0ebeb199de7409c5c5c0c386f92fb673c8a39fea28d00fa35fb9674149e16236c55020d5d071d16a088b24ae845c557eb4d1ac2fdf73e557d65b126460433a4d1f6d5145ced17a9f1f9e5774241531b1ae364b23272f91142e0931088fe79038844ee6920376bfa0738cca834dd23769c9e877c9a76b0bba4308ae5eec66f4d831dc53e686d61da7e429c15ebbd1dff5bee86126c30b23c747742deb9cf6c00137b45e3cc5f43b6029040ab1c3d438730016bdbd67933af0a11e031d2a95fb7924adff26a23b1939c10acbcb48c01", 0xf6, 0x8}], 0x8000, &(0x7f0000000700)={[{@fat=@dmask={'dmask', 0x3d, 0x9}}, {@uni_xlate='uni_xlate=1'}, {@shortname_lower='shortname=lower'}, {@numtail='nonumtail=0'}, {@numtail='nonumtail=0'}, {@utf8='utf8=1'}, {@shortname_winnt='shortname=winnt'}, {@numtail='nonumtail=0'}, {@fat=@errors_continue='errors=continue'}], [{@subj_type={'subj_type', 0x3d, 'systemem0nodevusercpuset)lovmnet1@systemwlan0'}}, {@euid_gt={'euid>', r1}}, {@fowner_eq={'fowner', 0x3d, r3}}, {@permit_directio='permit_directio'}, {@uid_gt={'uid>', r4}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@uid_gt={'uid>', r5}}]}) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGARP(r6, 0x8954, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x306}, 0x36, {0x2, 0x4e24, @empty}, 'ip6tnl0\x00'}) [ 791.257369] SELinux: failed to load policy 04:51:55 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501002000005f3f000000000000000000"], 0x38) [ 791.342376] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 791.365159] loop1: partition table partially beyond EOD, truncated [ 791.394273] loop1: p1 start 1 is beyond EOD, truncated 04:51:55 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 791.440907] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 791.502624] SELinux: ebitmap: truncated map [ 791.519269] loop1: p3 size 2 extends beyond EOD, truncated 04:51:55 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r0, r0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000180)={0x0, 0x1000}) r1 = getpid() tkill(r1, 0x1000000000015) r2 = getpid() tkill(r2, 0x1000000000015) capset(&(0x7f0000000000)={0x24020019980330, r2}, &(0x7f00000001c0)) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) syz_open_dev$char_usb(0xc, 0xb4, 0x100) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x106}}, 0x20) r10 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r11 = dup2(r10, r10) ioctl$TIOCGSOFTCAR(r11, 0x5419, 0x0) getpeername$netrom(r11, &(0x7f0000000200)={{0x3, @netrom}, [@bcast, @netrom, @remote, @rose, @rose, @remote, @default, @null]}, &(0x7f0000000140)=0x48) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f0000000040), 0x1, {0xa, 0x4e22, 0x9, @loopback, 0x7f}, r9}}, 0x38) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) [ 791.546815] SELinux: failed to load policy [ 791.552322] loop1: p4 size 32768 extends beyond EOD, truncated 04:51:56 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501003f00005f3f000000000000000000"], 0x38) [ 791.594923] loop1: p5 size 1073741824 extends beyond EOD, truncated [ 791.622839] loop1: p6 size 32768 extends beyond EOD, truncated 04:51:56 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 791.734058] SELinux: ebitmap: truncated map [ 791.757857] SELinux: failed to load policy [ 792.077189] net_ratelimit: 14 callbacks suppressed [ 792.077197] protocol 88fb is buggy, dev hsr_slave_0 [ 792.087372] protocol 88fb is buggy, dev hsr_slave_1 [ 792.092486] protocol 88fb is buggy, dev hsr_slave_0 [ 792.097587] protocol 88fb is buggy, dev hsr_slave_1 [ 792.172956] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 792.183457] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 792.199883] loop1: p5 size 1073741824 extends beyond EOD, truncated 04:51:56 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:56 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501004800005f3f000000000000000000"], 0x38) 04:51:56 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = getpid() tkill(r5, 0x1000000000015) fcntl$lock(r4, 0x6, &(0x7f0000000380)={0x1, 0x1, 0xfffffffffffffff9, 0x4, r5}) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) shmget(0x3, 0x1000, 0x20, &(0x7f0000ffe000/0x1000)=nil) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r7, 0x84, 0x4, &(0x7f0000000340)=0x1, 0x4) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f00000002c0)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @empty}, {0x2, 0x4e20, @broadcast}, 0x386, 0x0, 0x0, 0x0, 0xff, &(0x7f0000000240)='ip6gre0\x00', 0x100, 0xffffffffffffffff, 0x6}) write$P9_RLERROR(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000702000f0028737973726f63"], 0x18) write$P9_RCLUNK(r1, &(0x7f00000000c0)={0x7, 0x79, 0x2}, 0x7) r8 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r9 = dup2(r8, r8) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r9, 0x541b, &(0x7f0000000100)) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x1, 0xffffffffffffffe1, 0x1}, 0x14) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1da9, 0x4) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 04:51:56 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'team0\x00\x00\x01\x00', 0x9843}) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000240)={'team0\x00\x060\xff\xfd\x00%`\x00', 0xb5}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001740)={{{@in=@remote, @in=@broadcast}}, {{@in=@local}, 0x0, @in6}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 792.369824] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 04:51:56 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 792.461275] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 792.467198] protocol 88fb is buggy, dev hsr_slave_0 [ 792.472321] protocol 88fb is buggy, dev hsr_slave_1 [ 792.514924] CPU: 0 PID: 21184 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 792.522171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.531535] Call Trace: [ 792.534141] dump_stack+0x172/0x1f0 [ 792.537793] dump_header+0x15e/0xa55 [ 792.541525] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 792.546646] ? ___ratelimit+0x60/0x595 [ 792.550554] ? do_raw_spin_unlock+0x57/0x270 [ 792.554989] oom_kill_process.cold+0x10/0x6ef [ 792.559508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.565055] ? task_will_free_mem+0x139/0x6e0 [ 792.569595] out_of_memory+0x936/0x12d0 [ 792.573582] ? lock_downgrade+0x810/0x810 [ 792.577751] ? oom_killer_disable+0x280/0x280 [ 792.582256] ? find_held_lock+0x35/0x130 [ 792.586340] mem_cgroup_out_of_memory+0x1d2/0x240 [ 792.591194] ? memcg_event_wake+0x230/0x230 [ 792.595538] ? do_raw_spin_unlock+0x57/0x270 [ 792.599963] ? _raw_spin_unlock+0x2d/0x50 [ 792.604125] try_charge+0xef7/0x1480 [ 792.607851] ? find_held_lock+0x35/0x130 [ 792.611952] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 792.616812] ? kasan_check_read+0x11/0x20 [ 792.620979] ? get_mem_cgroup_from_mm+0x156/0x320 [ 792.625837] mem_cgroup_try_charge+0x259/0x6b0 [ 792.630437] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 792.635383] wp_page_copy+0x430/0x16a0 [ 792.639307] ? pmd_pfn+0x1d0/0x1d0 [ 792.642860] ? kasan_check_read+0x11/0x20 [ 792.647154] ? do_raw_spin_unlock+0x57/0x270 [ 792.651584] do_wp_page+0x57d/0x10b0 [ 792.655331] ? lock_acquire+0x16f/0x3f0 [ 792.659318] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 792.664009] ? kasan_check_write+0x14/0x20 [ 792.668258] ? do_raw_spin_lock+0xc8/0x240 [ 792.672511] __handle_mm_fault+0x2305/0x3f80 [ 792.676938] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 792.681817] ? count_memcg_event_mm+0x2b1/0x4d0 [ 792.686503] handle_mm_fault+0x1b5/0x690 [ 792.690581] __do_page_fault+0x62a/0xe90 [ 792.694661] ? vmalloc_fault+0x740/0x740 [ 792.698744] ? trace_hardirqs_off_caller+0x65/0x220 [ 792.704643] ? trace_hardirqs_on_caller+0x6a/0x220 [ 792.709586] ? page_fault+0x8/0x30 [ 792.713146] do_page_fault+0x71/0x57d [ 792.716957] ? page_fault+0x8/0x30 [ 792.720509] page_fault+0x1e/0x30 [ 792.723971] RIP: 0033:0x40eba8 [ 792.727174] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 792.746184] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 792.751561] RAX: 00000000140f25fa RBX: 000000006f5fda93 RCX: 0000001b30a20000 [ 792.758839] RDX: 0000000000000000 RSI: 00000000000005fa RDI: ffffffff140f25fa 04:51:57 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 792.766108] RBP: 0000000000000009 R08: 00000000140f25fa R09: 00000000140f25fe [ 792.766118] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 [ 792.766126] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000009 [ 792.773610] protocol 88fb is buggy, dev hsr_slave_0 [ 792.773669] protocol 88fb is buggy, dev hsr_slave_1 [ 792.875615] Task in /syz0 killed as a result of limit of /syz0 [ 792.886685] memory: usage 307200kB, limit 307200kB, failcnt 4556 [ 792.902725] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 792.934871] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 792.980999] Memory cgroup stats for /syz0: cache:0KB rss:226940KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:227096KB inactive_file:0KB active_file:0KB unevictable:0KB [ 793.083899] Memory cgroup out of memory: Kill process 15285 (syz-executor.0) score 1113 or sacrifice child 04:51:57 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r0, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r3, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, 0x0, 0x8040fffffffd) [ 793.137904] Killed process 15285 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 793.216895] oom_reaper: reaped process 15285 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 04:51:57 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501004c00005f3f000000000000000000"], 0x38) [ 793.294136] SELinux: ebitmap: truncated map [ 793.475936] SELinux: ebitmap: truncated map 04:51:57 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501006000005f3f000000000000000000"], 0x38) [ 793.615006] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 793.633167] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 793.643425] CPU: 0 PID: 21225 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 793.650413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.659971] Call Trace: [ 793.662593] dump_stack+0x172/0x1f0 [ 793.666249] dump_header+0x15e/0xa55 [ 793.669978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 793.675095] ? ___ratelimit+0x60/0x595 [ 793.678989] ? do_raw_spin_unlock+0x57/0x270 [ 793.683420] oom_kill_process.cold+0x10/0x6ef [ 793.687933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.693831] ? task_will_free_mem+0x139/0x6e0 [ 793.698342] ? find_held_lock+0x35/0x130 [ 793.702418] out_of_memory+0x936/0x12d0 [ 793.706498] ? lock_downgrade+0x810/0x810 [ 793.711010] ? oom_killer_disable+0x280/0x280 [ 793.715509] ? find_held_lock+0x35/0x130 [ 793.719594] mem_cgroup_out_of_memory+0x1d2/0x240 [ 793.724453] ? memcg_event_wake+0x230/0x230 [ 793.728788] ? do_raw_spin_unlock+0x57/0x270 [ 793.733206] ? _raw_spin_unlock+0x2d/0x50 [ 793.737365] try_charge+0xef7/0x1480 [ 793.741092] ? find_held_lock+0x35/0x130 [ 793.745178] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 793.750045] ? get_mem_cgroup_from_mm+0x139/0x320 [ 793.754897] ? find_held_lock+0x35/0x130 [ 793.758970] ? get_mem_cgroup_from_mm+0x139/0x320 [ 793.763831] memcg_kmem_charge_memcg+0x7c/0x130 [ 793.768509] ? memcg_kmem_put_cache+0xb0/0xb0 [ 793.773018] ? get_mem_cgroup_from_mm+0x156/0x320 [ 793.777866] memcg_kmem_charge+0x136/0x370 [ 793.782108] __alloc_pages_nodemask+0x3c3/0x750 [ 793.786821] ? should_fail+0x14d/0x85c [ 793.790725] ? __alloc_pages_slowpath+0x2870/0x2870 [ 793.795756] ? find_held_lock+0x35/0x130 [ 793.800703] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 793.806250] alloc_pages_current+0x107/0x210 [ 793.810672] pte_alloc_one+0x1b/0x1a0 [ 793.814658] __do_fault+0x2d7/0x480 [ 793.818294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.823844] __handle_mm_fault+0x2b0e/0x3f80 [ 793.828283] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 793.833158] ? count_memcg_event_mm+0x2b1/0x4d0 [ 793.837848] handle_mm_fault+0x1b5/0x690 [ 793.841932] __do_page_fault+0x62a/0xe90 [ 793.846007] ? vmalloc_fault+0x740/0x740 [ 793.850082] ? trace_hardirqs_off_caller+0x65/0x220 [ 793.855111] ? trace_hardirqs_on_caller+0x6a/0x220 [ 793.860047] ? page_fault+0x8/0x30 [ 793.863622] do_page_fault+0x71/0x57d [ 793.867433] ? page_fault+0x8/0x30 [ 793.870985] page_fault+0x1e/0x30 [ 793.874445] RIP: 0033:0x401aa7 [ 793.877650] Code: 00 00 00 48 83 ec 08 48 8b 15 0d ea 66 00 48 8b 05 fe e9 66 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 e0 e9 66 00 48 83 c4 08 c3 48 89 c6 bf e0 9d 4c 00 [ 793.896562] RSP: 002b:00007ffc40f2ec70 EFLAGS: 00010287 [ 793.901940] RAX: 0000001b2fa20000 RBX: 0000000000000000 RCX: 0000001b30a20000 [ 793.909221] RDX: 0000001b2fa20004 RSI: 00007ffc40f2ea30 RDI: 0000000000000000 [ 793.916496] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 793.923771] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 793.931047] R13: 00007ffc40f2ee60 R14: 0000000000000000 R15: 00007ffc40f2ee70 [ 793.949117] Task in /syz0 killed as a result of limit of /syz0 [ 793.968477] memory: usage 307200kB, limit 307200kB, failcnt 4586 [ 793.986893] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.010487] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.042539] Memory cgroup stats for /syz0: cache:0KB rss:227036KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:227044KB inactive_file:0KB active_file:0KB unevictable:0KB [ 794.076754] Memory cgroup out of memory: Kill process 15485 (syz-executor.0) score 1113 or sacrifice child [ 794.089677] Killed process 15485 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 794.147196] protocol 88fb is buggy, dev hsr_slave_0 [ 794.152320] protocol 88fb is buggy, dev hsr_slave_1 [ 794.178014] SELinux: ebitmap: truncated map 04:51:59 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) getegid() getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="8d000000c423e476e4d5f3d7092090adcf1c2d61763a30b589b05c2159ee5e0c0d0e6461a23f74124b4fd710cabf3f7f6193f181f22fc35d4fe73ca5877f479a12a76bc20e9d50bcc1849735de85c0333077e203abc58fb1c8c6cf9b75245167ff956e681ddaf3d7ee32b1ccb361913f85cfb61babeadcd15470c1617d8cc9f2a1a19b00000000000000000000000000007da7d4fda6906bb6033aca78abe74562d060989874e91da59fe5f08bc581"], &(0x7f00000000c0)=0x95) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:51:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:51:59 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x1004, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/btrfs-control\x00', 0x9000, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000ac0)='cdg\x00', 0x4) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) ioctl$VFIO_IOMMU_MAP_DMA(r2, 0x3b71, &(0x7f0000000040)={0x20, 0x2, 0x5, 0x100, 0x7}) mount$fuseblk(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x64060, &(0x7f0000000180)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}, {@max_read={'max_read', 0x3d, 0x8}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@max_read={'max_read', 0x3d, 0x357}}, {@allow_other='allow_other'}]}}) 04:51:59 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501006800005f3f000000000000000000"], 0x38) [ 794.702546] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 794.742869] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 794.764489] CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 794.771375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.780735] Call Trace: [ 794.783357] dump_stack+0x172/0x1f0 [ 794.787013] dump_header+0x15e/0xa55 [ 794.790726] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 794.790741] ? ___ratelimit+0x60/0x595 [ 794.790754] ? do_raw_spin_unlock+0x57/0x270 [ 794.790771] oom_kill_process.cold+0x10/0x6ef [ 794.790789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.790803] ? task_will_free_mem+0x139/0x6e0 [ 794.790815] ? find_held_lock+0x35/0x130 [ 794.790833] out_of_memory+0x936/0x12d0 [ 794.827452] ? lock_downgrade+0x810/0x810 [ 794.831626] ? oom_killer_disable+0x280/0x280 [ 794.836217] ? find_held_lock+0x35/0x130 [ 794.840305] mem_cgroup_out_of_memory+0x1d2/0x240 [ 794.845163] ? memcg_event_wake+0x230/0x230 [ 794.849504] ? do_raw_spin_unlock+0x57/0x270 [ 794.853929] ? _raw_spin_unlock+0x2d/0x50 [ 794.858094] try_charge+0xef7/0x1480 [ 794.861821] ? find_held_lock+0x35/0x130 [ 794.865898] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 794.870954] ? get_mem_cgroup_from_mm+0x139/0x320 [ 794.875818] ? find_held_lock+0x35/0x130 [ 794.879905] ? get_mem_cgroup_from_mm+0x139/0x320 [ 794.884792] memcg_kmem_charge_memcg+0x7c/0x130 [ 794.889474] ? memcg_kmem_put_cache+0xb0/0xb0 [ 794.893986] ? get_mem_cgroup_from_mm+0x156/0x320 [ 794.898843] memcg_kmem_charge+0x136/0x370 [ 794.903099] __alloc_pages_nodemask+0x3c3/0x750 [ 794.907788] ? __alloc_pages_slowpath+0x2870/0x2870 [ 794.912821] ? find_held_lock+0x35/0x130 [ 794.916899] ? copy_page_range+0x124f/0x1f90 [ 794.921841] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 794.927398] alloc_pages_current+0x107/0x210 [ 794.931823] pte_alloc_one+0x1b/0x1a0 [ 794.935651] __pte_alloc+0x2a/0x360 [ 794.939294] copy_page_range+0x151f/0x1f90 [ 794.943559] ? pmd_alloc+0x180/0x180 [ 794.947365] ? __vma_link_rb+0x279/0x370 [ 794.951435] copy_process.part.0+0x543d/0x7a30 [ 794.956051] ? __cleanup_sighand+0x70/0x70 [ 794.960311] _do_fork+0x257/0xfd0 [ 794.963772] ? fork_idle+0x1d0/0x1d0 [ 794.967499] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.972258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.977022] ? do_syscall_64+0x26/0x620 [ 794.981006] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.986381] ? do_syscall_64+0x26/0x620 [ 794.990367] __x64_sys_clone+0xbf/0x150 [ 794.994355] do_syscall_64+0xfd/0x620 [ 794.998254] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.003444] RIP: 0033:0x457fda [ 795.006637] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 795.025548] RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 795.033269] RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda 04:51:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 795.040550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 795.047825] RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940 [ 795.055094] R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001 [ 795.062393] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70 [ 795.137210] Task in /syz0 killed as a result of limit of /syz0 [ 795.144505] memory: usage 307200kB, limit 307200kB, failcnt 4601 [ 795.157175] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.171826] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.184806] Memory cgroup stats for /syz0: cache:0KB rss:227016KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:227024KB inactive_file:0KB active_file:0KB unevictable:0KB [ 795.219893] Memory cgroup out of memory: Kill process 15624 (syz-executor.0) score 1113 or sacrifice child [ 795.230402] Killed process 15624 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 795.265143] SELinux: ebitmap: truncated map [ 795.269967] sel_write_load: 3 callbacks suppressed [ 795.269972] SELinux: failed to load policy [ 795.286362] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 795.300736] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 795.314375] CPU: 0 PID: 21249 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 795.322295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.331663] Call Trace: [ 795.334262] dump_stack+0x172/0x1f0 [ 795.337897] dump_header+0x15e/0xa55 [ 795.341615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 795.346719] ? ___ratelimit+0x60/0x595 [ 795.350608] ? do_raw_spin_unlock+0x57/0x270 [ 795.355988] oom_kill_process.cold+0x10/0x6ef [ 795.360492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.366991] ? task_will_free_mem+0x139/0x6e0 [ 795.371501] ? find_held_lock+0x35/0x130 [ 795.375574] out_of_memory+0x936/0x12d0 [ 795.379565] ? lock_downgrade+0x810/0x810 [ 795.383832] ? oom_killer_disable+0x280/0x280 [ 795.388342] ? find_held_lock+0x35/0x130 [ 795.392428] mem_cgroup_out_of_memory+0x1d2/0x240 [ 795.397282] ? memcg_event_wake+0x230/0x230 [ 795.401623] ? do_raw_spin_unlock+0x57/0x270 [ 795.406048] ? _raw_spin_unlock+0x2d/0x50 [ 795.410211] try_charge+0xef7/0x1480 [ 795.413938] ? find_held_lock+0x35/0x130 [ 795.418022] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 795.422880] ? get_mem_cgroup_from_mm+0x139/0x320 [ 795.427734] ? find_held_lock+0x35/0x130 [ 795.431808] ? get_mem_cgroup_from_mm+0x139/0x320 [ 795.436671] memcg_kmem_charge_memcg+0x7c/0x130 [ 795.441353] ? memcg_kmem_put_cache+0xb0/0xb0 [ 795.447168] ? get_mem_cgroup_from_mm+0x156/0x320 [ 795.452028] memcg_kmem_charge+0x136/0x370 [ 795.456279] __alloc_pages_nodemask+0x3c3/0x750 [ 795.460967] ? __alloc_pages_slowpath+0x2870/0x2870 [ 795.466001] ? lockdep_hardirqs_on+0x415/0x5d0 [ 795.470597] ? trace_hardirqs_on+0x67/0x220 [ 795.474937] copy_process.part.0+0x3e0/0x7a30 [ 795.479446] ? mark_held_locks+0x100/0x100 [ 795.483692] ? __might_fault+0x12b/0x1e0 [ 795.487770] ? __cleanup_sighand+0x70/0x70 [ 795.492012] ? lock_downgrade+0x810/0x810 [ 795.496183] _do_fork+0x257/0xfd0 [ 795.499648] ? fork_idle+0x1d0/0x1d0 [ 795.503379] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 795.508145] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 795.513013] ? do_syscall_64+0x26/0x620 [ 795.516998] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.522371] ? do_syscall_64+0x26/0x620 [ 795.526358] __x64_sys_clone+0xbf/0x150 [ 795.530351] do_syscall_64+0xfd/0x620 [ 795.534169] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.539367] RIP: 0033:0x459a09 [ 795.542567] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 795.561583] RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 795.569306] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 [ 795.576587] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd [ 795.583867] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 795.591155] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 [ 795.598442] R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff [ 795.645383] Task in /syz0 killed as a result of limit of /syz0 [ 795.655821] memory: usage 307096kB, limit 307200kB, failcnt 4613 [ 795.662497] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.669904] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.676168] Memory cgroup stats for /syz0: cache:0KB rss:226968KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:227024KB inactive_file:0KB active_file:0KB unevictable:0KB [ 795.698858] Memory cgroup out of memory: Kill process 15635 (syz-executor.0) score 1113 or sacrifice child [ 795.709473] Killed process 15635 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 795.804589] IPVS: ftp: loaded support on port[0] = 21 [ 795.914706] chnl_net:caif_netlink_parms(): no params data found [ 795.954920] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.962592] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.971091] device bridge_slave_0 entered promiscuous mode [ 795.985343] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.992652] bridge0: port 2(bridge_slave_1) entered disabled state [ 796.006144] device bridge_slave_1 entered promiscuous mode [ 796.034394] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 796.051778] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 796.090659] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 796.099792] team0: Port device team_slave_0 added [ 796.105754] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 796.113859] team0: Port device team_slave_1 added [ 796.119831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 796.127910] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 796.219934] device hsr_slave_0 entered promiscuous mode [ 796.257471] device hsr_slave_1 entered promiscuous mode [ 796.297760] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 796.304871] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 796.351508] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.357954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.364622] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.371071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.477756] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 796.483963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.507658] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 796.517227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 796.525050] bridge0: port 1(bridge_slave_0) entered disabled state [ 796.532036] bridge0: port 2(bridge_slave_1) entered disabled state [ 796.539613] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 796.551951] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 796.558514] 8021q: adding VLAN 0 to HW filter on device team0 [ 796.568592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 796.576711] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.584202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.614117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 796.622503] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.628930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.657492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 796.676176] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 796.706209] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 796.727978] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 796.738714] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 796.746074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 796.774261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 796.782455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 796.803820] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 796.822095] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 796.834053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 797.117172] net_ratelimit: 16 callbacks suppressed [ 797.117182] protocol 88fb is buggy, dev hsr_slave_0 [ 797.127485] protocol 88fb is buggy, dev hsr_slave_1 [ 797.132603] protocol 88fb is buggy, dev hsr_slave_0 [ 797.137716] protocol 88fb is buggy, dev hsr_slave_1 [ 797.257217] protocol 88fb is buggy, dev hsr_slave_0 [ 797.262376] protocol 88fb is buggy, dev hsr_slave_1 [ 798.307229] protocol 88fb is buggy, dev hsr_slave_0 [ 798.312363] protocol 88fb is buggy, dev hsr_slave_1 [ 798.317516] protocol 88fb is buggy, dev hsr_slave_0 [ 798.322606] protocol 88fb is buggy, dev hsr_slave_1 04:52:04 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) write$binfmt_aout(r1, &(0x7f0000000580)={{0x10b, 0x4, 0x1, 0x3c3, 0x200, 0x5, 0x5f, 0xd8}, "ff135e48438b276f55cb581c91caf4e8a9daa886d41fe8761aa911f9b5eb25ce39550151667a87cbf9c6ba7788067c1dbfc6b5a1a627a4301399ce4bf1fdc6bf33e533a55b38bc9d2264b5a5977107823ec93a1366d0047f13c1035d13fe1dfb7c6f9d4fd97e989ca3c39f7bcb41c679b70572afb8980fae1870fa71a9ecf83edb8281", [[], [], [], [], [], [], [], []]}, 0x8a3) fchdir(r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='\x8b*\x02\x81\xbaL4\xf0\x9f\x14V\xda\x8c\xbfM\x8c\xc5\xe0\xa1\xcd(\xc61\x90\x18\x0f\x1f\xa9\x95\x80\xb7H\xf31\x1d\xe9!\xfag\xd9\xaa\'w\xaf08ke\xd4\xbcb\xbbG\x13\xcdR\xdbzjE\xd1Ez\xa7\x05\x9e\xb1\xa2\xc4K\x81+\x10\xbe\\=\x14\x10[\xb5\x93j\xeb}VzL\xe8\xba\xbe\x9f\xa7\t\xbbIZ\x1d\xa3 A\xd2?\xd1\xb0\x02-^!;\\-n\x91\x94tJ\x13m\xfePd\xd5\x91!\xc6\x8a]X8\xf65\bK\x9bC\x1b\xbfkE\xcb(\x01`,-,\x94\xc2\xd7RL,\x9eJ4\x84\xfd}', 0x26e1, 0x0) 04:52:04 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501006c00005f3f000000000000000000"], 0x38) 04:52:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x82000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f00000000c0)={0x0, @adiantum}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) mknodat(r2, &(0x7f0000000300)='./file1\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000000)='./file1\x00', r2, &(0x7f0000000100)='./file0\x00', 0x80000000000005) 04:52:04 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x814f4d160f40041c, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x8) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r2, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r1}, {0x8}, {0x8}, {0x8, 0x1, r4}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x167}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000225bd7000ffdbdf25010000000c0005000a0100000600d89c000002001800000000000000"], 0x2c}}, 0x4000000) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000280)={0x0, 0x71, "d8520cc443e962319a3f0a56322480199146e71cf5c4f5e99a795ab3ef1217248190b7d01726742c86eb1d31d64c53f30b2ef2bb3d5ad72cb45eb7f95222b1ac63ec52f866e6e17ccb450ddfa9e08cb2450dbb35e79aa8ec45fc3e5615170882e2c689c1a8afc34aa125d484bb9a96ce69"}, &(0x7f0000000300)=0x79) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) 04:52:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:04 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syzkaller0\x00'}) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2459c97e2fbd75cb, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x17, &(0x7f0000000200)=0x9, 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000180)={0x6, 0x2, 0x4, 0x5038000000000000, 'syz1\x00', 0x400}) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r4, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r5 = perf_event_open(&(0x7f0000000980)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1895, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000100)) r6 = dup3(r5, r4, 0x0) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f00000001c0)={0xb216, 0xfffffffffffffffa, 0x1}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r7, r6, 0x1}, 0x3c) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r7}, 0xc) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'dummy0\x00', r7}) r8 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r9 = dup2(r8, r8) ioctl$TIOCGSOFTCAR(r9, 0x5419, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000002c0)={'broute\x00'}, &(0x7f0000000340)=0x78) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000240)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r9, 0xc010640b, &(0x7f0000000280)={r10, 0x0, 0xffff}) [ 800.126823] SELinux: ebitmap: truncated map 04:52:04 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) [ 800.152377] SELinux: failed to load policy 04:52:04 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x80, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) readv(r0, &(0x7f0000000140)=[{&(0x7f00008ec000)=""/219, 0xdb}], 0x1) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x6, 0x300) ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f00000000c0)) ioctl$TIOCSBRK(r1, 0x5427) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000080)={0x8000, 0x3, 0xffffffff, 0x4f, 0x8001, 0xfff, 0x3}) write$evdev(r0, &(0x7f000004d000)=[{{}, 0x0, 0x1}], 0xfffffe82) write$selinux_context(0xffffffffffffffff, &(0x7f0000000100)='system_u:object_r:insmod_exec_t:s0\x00', 0x23) 04:52:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.sched_load_balance\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) 04:52:04 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501007400005f3f000000000000000000"], 0x38) 04:52:04 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xffffffff, 0x208480) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) pipe2(&(0x7f0000000080), 0x80800) ioctl$TIOCGSOFTCAR(r0, 0x5419, 0x0) 04:52:04 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0xc05c6104, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f0000001c0007000c00040000000000000000000c0003000000000000000000"], 0x30}}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, 0x0, 0x0) 04:52:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x0, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 800.419422] SELinux: ebitmap: truncated map [ 800.424073] SELinux: failed to load policy 04:52:04 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501007a00005f3f000000000000000000"], 0x38) 04:52:04 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:05 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000001880)={0x0, 0x10001}, &(0x7f00000018c0)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001900)={r5, 0x4}, 0x8) r6 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r8, 0x54a2) r9 = syz_open_dev$mouse(&(0x7f0000001800)='/dev/input/mouse#\x00', 0x7, 0x40000) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000001840)=r9, 0x4) sendmmsg$alg(r6, &(0x7f0000001780)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="d2e485aad2c3d4e82b23bb9988b3784151d83712d4e45a3ee38b1857385c2864aa6e9525114c2770dc3510b01aee21f92dcbc989de24", 0x36}, {&(0x7f0000000080)="510d08b705f5e44b0f21f4fc568a2234f5cae33ce8be88d2b4b8376084546e3d2d592eb050fc2389efd69a4983173ae48e787aebffd4c2cae2aea7d1803e7288ffc0aa0d9665e261b0533723b4859d03b2d5ed1c2e717df4c75f52a70ff79f3f450ca19c37efb0ba97f181bbda0ac43511f2539dca2ab0c0eb1ce913cc0593ad57b31df03fc7fd8d56bbbf6c880375e57bdef142f6c2516a", 0x98}, {&(0x7f0000000180)="f9d06c551c0fac860d7497d9e1f5dc2dcac0f7334656a61b53342a3dc93d19acf304b9cc08ea5a16eab356dcef0ee0209a6d163136a57a629cb5f01812f200049e7bc76dbebdd9d9c172835d0d5271f9d31a8243166bc579c00e55bf3bb75e0a44b89a467847b71faa05b6f6d4506b412305ef014a34f403484b1a0c9b30d6b4d73a23fe58ff965d091bb22907d6f92083b1d1acf857cc8cdbc543b5ac8e09cee37f1982050083b0523b1d9ebfec2c6babcd477b", 0xb4}, {&(0x7f0000000240)="c9d0b95829d0981b06a74f4c2332ce79061194525f52b3128abee9a7ccf34721c48eb412d713929d15", 0x29}, {&(0x7f0000000280)="5e0b0bb4a7593e982c19645b16fc45ba437cba7cd520a31a013a382c59fce00930a7724a7b9ae5a8c1650c8de83233f780c5fff3d1c95dd3e5b80a9d859388c4b2e9a72a0c79e9752f1526f205c58b", 0x4f}, {&(0x7f0000000300)="37b22f372c6e06c6610e75301278568e83f22f9aa11a0edaffd16e7ec8c783edb84490a6ac9eec4ef7c062103626ad38e1a931cd041ff6c5827b55088aad5b34548af8994857823e1816f9ed5377de502a905a5fd781ecf120dba877", 0x5c}, {&(0x7f0000000380)="2214991e11815c03023fe8ce05ddefb53710af04e9042aed2342b41b1b0beff5b816b09d9e74354a6989760b8f00fae0cdadd6e1cfc69da339f28c185d31728119fdb2b6efcf1d25130bea720e12", 0x4e}], 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="1810000000000000170100000200000000100000158ad89cc6e92ce69901eb33ec84869fa62e00630ec80c2d973ab743433d65896b86867bb28d704f0e817e0de27c5f67aa0c639d89c55e34f829d337c6d2a19009b90e8e7da98b59609e4cfac4dbfac7d7a499351b320f06d2cb1f9d440f54a26eff2afc5d81217afe33885dd16c7434255cf38485bfb3ca3fea1de3929a3f51043e8580e22a248a2208696c03dffdfc66f841e833de2f6e5ac157b5458e6a74acef2447911e38b1670485ae84ca8c2c0f50ef94dff12479243f19e00cfbed5a9094de6a567438bce887200520fd8a6f133fc366a5824df8d4b551673c6f355aa3546b099bd5ca99107f024514c2b01e2de9d238d40fa66452802fca80af5bbbd1a1f925fb0d2c6d23e0be4f3bc6da5298583f852bcfb70f66b284f1336f34d8dbc4ccc04f3b33b7fbdfb657116c073642c3af5614cd94179f5aa5b1db5c8370fcfc6bb6509b4f1c1d9ff6c77fe7962f451c9021201bbf750aaffc5805798254056fd0b39a77490c4b8d0e9c58c0e475468801643489db1e5b08642fd01ce80f1ace1e589112a7e6fe376be3e3856c09aed8243e8a80b0b813e7ba52132eec76e6dc28570e26e3f5fa4aaeb3ecf8bda2a11bf6eaa99f9468c3df5a133176f927ce2a5eca93b060a342ebc20799508b94062f802d6117d649f20e3559e7c92e5773323588e821d75682811186bbc767cfa2fad7a921b1cfb7ed875d526fa51c10f6afd6c359afb81d1075cf51de1acd6c3c2ea5fb64e4db314b1395f560eacbc356c24663c8dfebd31a55a83c07e40dd34d100f3649c546c3b7f5bf8404e74ed6fcdf67e849a0e6f14811dbbeae8d13734019217fc23b0e5e2e7583f014f5baabba1db8570a4d015977f5e3e9dd8b19298206d2df7ba6a4e04702d051dabd4a50fbcc04b3f2a5d9e9a0da1547ac2f84931b7d6ba71eef47a00fd26e31b5841575c2bc66a1e815d910575fe17f2e0ef5c31a7f11438a1e2cb6c01ae8f3c3419a2ca1cb17546cca1a929b4b3d2c80a6aa1f83c2afe389477a9f8d5fcf55a1d9a190d38cb0635886a1f9515c7b3939e4c69550b51b696617903217da375714263c14bfc74268c8596236bb7236e21cfcd22b60e543b5b57e29dc5d2a56db4dcc755e001b99fc6f9da0c3b96c18b6f2ea5ade021a28ebe615d7bf886cbde4ab3d3fb128b919aa0b135f5642ba3ad446b5067bbfcf183bf8ef05397278db5c6d0a49e5143a3e1c8ceea9323eedc5bfb7ee485204faa3e327c25d680cfbe717581264f4ed4fc6221baf5e9fc0fd5ae1bee1f38c13aa23188186bc7843468bf0a430a0808f8734bc436d0c653f0699ed194cb45a9153dd87bca88be4c053b8e7f8b163fb33eb33acbad32a7843ceb741b3a8b6e1b5a2304bdd47e9759bff7b0d4969b5c5eda11a40f6302d79d6f943b3db0ee34f68f7cb3ae3083fb4e00caf8f67265aac71780d2a904a0c8b7dc68e234fd2c8dd2fb5b2eb085cc12616168567581523a155bfafd76516216bc82031f02bd9617c8e8148fb1346e693d2eec600802142ce1138a2100dbd6b5a409af278ab130ce2abff633b5cdbcb4cdea00caa7a62c5fc2b959372ebb00d15ae41caba763b768514ba35a3006820f545d4e326aa83b29e144a5e6bc3129577bdb437eefc66e5b205fc850fe8617215957f815ec90db7f06c7a926cb96778058a1f053a7eb7a3e19ab106f6f752cb3bdbc3f7ade3d3f86f784aaae8d4be0202d9a33c967211dae60106cbaf525fb4727b142091fefdf9b2adba5522f0b7308a50b047283dcdfcd0425949392f3ed03d4b452bf938f183a50ccf98b450bd199614c18bdd9e5de9752c83bc9748bd01cda565b95265eaff6aa9460a1eb622ef5d725443060d0335a76304a3391fe0b5afca9875d3c9cc6934083ee5a081b43f38f04e28ffe446b793832ca109289def833577f2069fe727cba9ee682b94be1187be148228a74d8d26e26f4a49f0148d6a3f051c1787ec9a77a1adb6a540a12cda615e8ad5110461b5b83d3644819bd11ee47b99e32c3b170d6b1fa7912347b8b5d0d054c714cf8976c085b68b5bbea0ea7d667c7344c79db81bd9cd93e4a1840a28a182ae9c2b25fd6a1b2ed1ab31260efdc1bb95a8d705c835c828e65eb0ff746fd5f6de72f28a0c5cd1d3d6a9ad3074d0dba1eb59de4e8c5877158da63ca41043e4324446ec4c15f9ea56555cdba1dae9cda9838e01581d60602f766a7335459b5ca66dfb1cccb40dd992e766a0988a5ded628c70c3c823497e44996a4d5a8ca80e4c51e1ad1cd22bd478c8a9c16920449fde8f253ff3280b9157315435286c4ac39b41d967c557815bd9708755e4289d447cdb3ecbeee3e59246b05f127f568a71f548f0e86828f9e9a8caeb2734fec9275e0af753d273ed5b4e430000f511b9d6f445f6381dc30dce5a036cee939755dc7bcf2ad9cbb40c53f7a13b69d44f2c4720f3aebb4db172517ccefb0596c9de0bc72c324ec93a47c886f1e340a9e4c335b0b7fc8e890bc5bad71148d1c695f4f134bfeb2ae3f787ef3d8c3e21b3ba94d61520a2fdbfe83d5f6d0ddf72777fd33a9216183e5cc45fa3d22a135fdd7b7d26631b9469e85a232b0f82d51fe5b059bbeea56bf4ce796f62fc839f962ae83ba416a05a6d940b7c93b774d83a8ba5d1d3088442655229a1c488c885c3577de2cf7d7cec0fb41facc828a0ee5602ced20416012cd8d26f9e8b7a8f9376b3577de04a8adf747352e888cb669015c24aee0045bf15591c7066df8a2a7f2b5f244df1264351aee756a08e6576e1f2702a89abdd932c1d04c7b175f9eec17e7552acd805231cb700ae23579de8b5c9d41354495fa7df4933ee5f29f6bd6f27dff72769e1d831940382777e0d088cb45f8d5f5d18dcf3139cf42a6c4cfa580086966549b9488e75a0a37c3e7a994bde0c312010495ae740b5dac10bf352ae637ca02056e92f413d3bc6e08d757d5b3a6ddb3c39bc0cf39a311d234c116e32d49355864f9a6098f6002b4a4239a531cf0bfbc4dc8f6f7ea9faec8392205eb17c4bce8a04184e718f7a4c13f719e5a4279d414b8b530c7e452c147fdb3e9314249b9e2b7872111df88ddf493173e0302b011045df6dbb4da797bcd02d2235b3eaa16a583a52266c312b4745dfa734ebe84ba3c42b804c8244d7f3e7f7c0baac095fbbee25edb6fbf27585228ae68144a6a6139628b344ef0a9be5406a07fcfa351f5f854a914f9047712dd808f3e1e5a426a81e8673d92c0307f1ddc5c210f582c6186353a20e1410d6a9c3846fb8e9ec98db73e118e3225a29adf774dfb602202e38784103f71535f1282c3edaee57442d5babe8831b7d0b78838f677e58be051e3111ecf0b89a7ca5f6d8fa5d593ff9698847ba0e868a7bed881b88cf78c7e4899fd1d9fc326d3e92384cf09fffd128fc1f091d1a308ccd54daefe6222d4482a21b68aea7e77566a050408f5d13b2fad4f45a191ede05eb72fd4245b512775a143cb45b7fc828e1b3134f88a1fa703e90733e61bf958cbf5acd0bcda82df843662d7341a86d5b376383bb0f97af10afd831bf0526198fcd6113109c1a79f8f7fd23f4e1b292b8625d836d0cd09812bc7f0e60ca0aa6a8acb8d80c6332730d44c8749945c9c588135aa780423ca30266ad4fc340e6cf2c18d8871fbc7331365e3e44b37805349b22084c04945c957fd7348381d8e9e2404923515222fb4916363c55c48dc0b4af818df0029c6f0b0d1e927e8e29c8e3cc3771cf6224f5b65ac58fcfd100039dfb2b1e6ac695211b57d315aab01a33e472221953433f434e634ec91d76f34c5c6ec893346764647e67b25ddf5424ba9a82a684c39d51fd90e8464f5a44f47ab6d40617bd3f7cebe6e18256d81943cbfe7123ce36a56fe75377bb0d1b7757af3024070b6ec425b24c559584b1b8c64d26b2884be35ff9a2abd3ab4e03aa321643121dacaa44847d4aa5f9074203619c003a4f1e2eb090418483b327d849b2f177d8d4f4fdb8b4971e5b58e88d9f1a924c096006419e40fce9ad61219b74b0f7e1c1a19efa12063db7d8dd71d46c67bcf43f360849b60c9156ca9e36b9ce1327792ab276fc594604e0ed3ddf5bdb3866ecb8b7726bb5c4ac648dd336f6d13038ddf4a2e03454d2dcdea3f2a102b1e9e426f824d916dea64c243b850c8eebb4124919644b45921e2e9a9390a97505f90fca67e74b229ce6bd228386e36fcb45dd5516289c5cbdfbab3d8952cf9615537a0431c28f32450ef4b2cb6b2227b11576383c035b1a27456fb87c73db173892873bfd79e1fb54e752f7cff7b1ec605faec28d52d98c72bd0d55a5a7a0a81cc8101b2f851aeef0f996f4a5b936bc9e822ac5e1ee626db6528ab2c21427663908477d3632a100cb60e28f61c2855cce4887ee836de3c15036ef0d998592e1a09bca87af23b5af972d8035afd60065b61ff974569cb9755587a4a31349ad9683d8b9d025e28b825f8cb91125b6b278a1a5feee00125ef3adf268afcb3a22fa37b8ff65f6cc2a00f1c704133de136557bb61d7f480071ddab3a3cccfb6f098e66d59753923db59d678d6745d1cfe66e02c5aebf4cf5d74dbf0bf1ca40150572989429a98d88f8ff80b3b106031922a09718f07530502c55c8672a4b86e015d342e5fae85b55579f596a94d3064590510b85eef60491ad4860b865baa92dd606111bf93169111676dd6f4df69cf502e49c967fe42246425a6adbe07877fb914fff69819be8b02408dd9ea5026ed02f9fbde8386c8442a066257ead3725e6743e221c6f3a76cf5043baf3e1c3b8e7883d13b7dedda55bcdfa331578252fb71904c7521f34c374ca6a06960b28573b22f648744f91a51adf4337f6aa15690e43519233f2074e0654fd33aadc1510ecd697ab2e9ac10794c73d072f7edcf0aeb6a3bc37aa5db5504a28e93d91066a3128d7a18e4ec10609390ee46b6e5582b02bc2a769b26776be608d126b707f9d770cd7a3d1711e4c6ebc4cd25d9154f9a41cd38a7b3ee89a09670afc148c65d1936f0187542f134ca69be9bd88042864b0ba964a1a4f56dd4fb44a2e1ddbe8418c9ca24cef711059066ed37189acd7486b8c1738169bb0a6b17888695f8eabe39a23436576a2bd9f43ca4c4e4d56217649e76731452436e5653ef54d78757c2fd7d3d49ed1defc8d505bc300c849876b588fa50523d30e62c04abef4c9091ede6573b786f118012226e281bc9149ce3c7fa15bfe90f186c4471aaba319860cd7ef6a129a1a21767532c7a53323b7759ba3cd773275b649e4bc435f6b87652eb3f1146cc3b6ab00f96fc69faf8ee1a55018c8acaf5b5e74a3918c999a9d7d930c3529cc67a557b27ad5b20e7f7a1b3bb9c071438fa33668ea766eae13d670cf3630fa978aa8fa87e90be7124538e088d5da22d6d61ea7c2510144027725cdd6f74a1ebd5bf9da9b4bb49d735520e71cfe46ff35367598fe985205ef87238faff16b0b2330298ccc01d30740f093aa148cf96d65295f5efd13f6e324b6e3205d67079af3ec203c28c893ae9eadb3321ea906dde4ef9802480ea3c639334ebee57c6d3d2b3b8407f554a51ab59ad442811970b57321088d01b2472ebf206293b79e6b1e5f4437fd76c965ad3f295151acf24c2e8d2e09549845c676829815e6705c23e0e12e11535ba5b2b67774e3ac94e5ccf5dcbfe3ea6f75c4dacc36bab639e0720e1020ffec038e83d4c39045b3e6a14f87bc0059ada6b9ced2e5b95b8f2b2890581c722a643dfcb2b475dd92b3617eecd3b6cf3405b0d83434d100000000"], 0x1018, 0x20000000}, {0x0, 0x0, &(0x7f0000001640)=[{&(0x7f00000014c0)="dfaecb8b10286ee57a5087230cc5260e60505aac42afdfc69f85930a1ea206a893e46c559e", 0x25}, {&(0x7f0000001500)="7889540e3e969f6e1227d668de03557cf97ba8fcfbf5b95873", 0x19}, {&(0x7f0000001540)="e0a0acbb0b840d219de50d3c7619787cddddbc899c74ab46a829d360a85c4e7c7738c3df26075009857542d735aea6cd2e84142880261b3db31ae9c4c52c457d937d0c7684090086d34fa4686ee2dc075afbb89ece8083c520cc5e0d05e1e8a189774be29c51c9ebc9e604011fb61cef70aa417e028bfa58847cced8e50c955746965e7f88f3b882ce0da11285b14aa92e78dd16518bd60b6121d622cf22d98073060971d02acff5078a92287348", 0xae}, {&(0x7f0000001600)="1ffd43c166539359976c7b35ff209ed4e3", 0x11}], 0x4, &(0x7f0000001680)=[@assoc={0x18, 0x117, 0x4, 0xfc}, @op={0x18}, @op={0x18}, @op={0x18}, @iv={0x98, 0x117, 0x2, 0x7e, "5bdb04b2aebde8aeb94ea5c93e99f6fb33bd7b233c3504cf55cad3d114611bc4ade8b157c57a9203ce2bdef9dfe7d7c2ce16ef33fda3a59abbaa7bdf9f6c5f41ae546bfe5c538f18725c2cb59ecfa33681ad0e1e17be3d0d2089a2dd7947c1d92328a14a602dd3eb109b79bf70e09136768aa608afeabd788761aa106560"}], 0xf8, 0x4020}], 0x2, 0x8000) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:52:05 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x0, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 800.740823] SELinux: ebitmap: truncated map 04:52:05 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000015f3f000000000000000000"], 0x38) 04:52:05 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x8}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 800.767691] SELinux: failed to load policy [ 800.989595] SELinux: ebitmap start bit (4153089) is not a multiple of the map unit size (64) [ 801.000948] SELinux: failed to load policy [ 802.467207] net_ratelimit: 16 callbacks suppressed [ 802.467214] protocol 88fb is buggy, dev hsr_slave_0 [ 802.477350] protocol 88fb is buggy, dev hsr_slave_1 [ 802.482564] protocol 88fb is buggy, dev hsr_slave_0 [ 802.487681] protocol 88fb is buggy, dev hsr_slave_1 [ 802.867212] protocol 88fb is buggy, dev hsr_slave_0 [ 802.872340] protocol 88fb is buggy, dev hsr_slave_1 [ 803.347241] protocol 88fb is buggy, dev hsr_slave_0 [ 803.352377] protocol 88fb is buggy, dev hsr_slave_1 [ 803.507183] protocol 88fb is buggy, dev hsr_slave_0 [ 803.512313] protocol 88fb is buggy, dev hsr_slave_1 04:52:08 executing program 1: r0 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x2, 0x1d8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000700000000000000000000000000000000000000000000feffffff010000001100000000000000000076657468315f746f5f7465616d000000736974302000000000000400000000006272696467653000000000000000000076657468305f746f5f627269646365000180c2000000000000000000aaaaaaaaaa0000000000000000007000000070000000a80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000a98ab7ed00007465716c30000000000000000000000073797a5f74757e000000000000000000697036677265300000000000090000007663616e30000000d53fa73b00000000fffffffffdff000000000000aaaaaace98aa008d857c510000007000000070000000a0000000415544495400000000000000000000000000ff000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000020002000000ffffffff00000000"]}, 0x250) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000000)=0x6, 0x4) 04:52:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x4) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$sock_SIOCOUTQ(r5, 0x5411, &(0x7f0000000080)) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f00000000c0)=0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:52:08 executing program 4: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000180)={0x182, 0xd6, 0x5, 0x4, 0x3, [{0x6, 0xc8e, 0x4, 0x0, 0x0, 0x200}, {0xfffffffffffffffa, 0x2, 0x1, 0x0, 0x0, 0x8}, {0x7, 0x8, 0x2, 0x0, 0x0, 0xe00}]}) sendmsg(r1, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @local={0xa}}, 0x8fe7, &(0x7f0000000640), 0x11d, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000000000084000000060000007ab0eb27e968195490161453138ddc3a4a0cba9d4f0fa07476625102ebe61900bd9b3e872d1aaf8287f49f6fdc7e055f893ee6a884df9d76900950bdb176051d5c256ce29e1bbf895f3bb4a779c6d670dfd4c4f3c7515af9f98cc1730048961f1d4564a5d0c2d476bad210bcfefdb74fcede19a5081c2cd91c37708cde88122b59c19bf362d845cc82daa8be8d8f19924178d2f8b606b196ea2e6c45a592dcf81d0500027654c4f7b2"], 0x20}, 0xe0) 04:52:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000025f3f000000000000000000"], 0x38) 04:52:08 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x0, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:08 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r1, 0x0) r2 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x122, 0x0) write$UHID_INPUT2(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="0c0000009a00bb8e4c8e3a0a33ff38577eba6bbe6cb9daed4cd37e8b6f9c6d1936c5c69de338433bc65395279ae14f504e413719be3c3b5642d2f4e20fb9930a7819cd85b0116618108d4d908724efdb97b39e05feef9a9325cd393cb4238047549be00ad4024aaa8471d9713837d5c651125ffac46c175a6304e9e9d8b683c9b28e123c0fe87662ba447d8bea709a0a2cee8f3a8e1f21dc11cfebb782eb76675f"], 0xa0) gettid() fallocate(r1, 0x20, 0x2, 0x8000) r3 = dup2(r0, r0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) ioctl$EVIOCGBITSW(r3, 0x80404525, &(0x7f0000000280)) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={r6, 0x2}, &(0x7f0000000240)=0x8) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) 04:52:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000600)={&(0x7f0000000300)='./file0\x00', 0x0, 0x4}, 0x10) r2 = socket(0x10, 0x2, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x3378b031cd8c977c, 0x0) ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f0000000080)) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000100)={0x3, "2aad33"}, 0x4) r4 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x2, 0x2) r5 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r5, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r6 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = dup3(r6, r5, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x1000, 0x0, 0x1000, 0x2, 0xffffffffffffffff, 0x6, [], r8, r7, 0x1}, 0x3c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000001300)={'team0\x00', 0x0}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@local, @rand_addr, r11}, 0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@empty, 0x67, r8}) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000240)={r12, 0x1, 0x6, @random="02878e65eec3"}, 0x10) sendto(r2, &(0x7f0000000200)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000034c0)=[{{&(0x7f0000000640)=@isdn, 0x80, &(0x7f0000000d00)=[{&(0x7f00000006c0)=""/45, 0x2d}, {&(0x7f0000000700)=""/212, 0xd4}, {&(0x7f0000000800)=""/25, 0x19}, {&(0x7f0000000840)=""/202, 0xca}, {&(0x7f0000000940)=""/203, 0xcb}, {&(0x7f0000000a40)=""/203, 0xcb}, {&(0x7f0000000b40)=""/96, 0x60}, {&(0x7f0000000bc0)=""/225, 0xe1}, {&(0x7f0000000cc0)=""/33, 0x21}], 0x9, &(0x7f0000000dc0)=""/35, 0x23}, 0xffffffff}, {{&(0x7f0000000e00)=@sco, 0xfffffccf, &(0x7f00000010c0)=[{&(0x7f0000000e80)=""/112, 0x70}, {&(0x7f0000000f00)=""/103, 0x67}, {&(0x7f0000000f80)=""/61, 0x3d}, {&(0x7f0000000fc0)=""/205, 0xcd}], 0x4, &(0x7f0000001100)=""/212, 0xd4}, 0xff}, {{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000001200)=""/145, 0x91}, {&(0x7f00000022c0)=""/93, 0x5d}, {&(0x7f0000001340)=""/131, 0x83}, {&(0x7f0000001400)=""/150, 0x96}, {&(0x7f00000014c0)=""/181, 0xb5}, {&(0x7f0000001580)=""/196, 0xc4}, {&(0x7f0000001680)=""/91, 0x5b}, {&(0x7f0000001700)=""/204, 0xcc}, {&(0x7f0000001800)=""/168, 0xa8}, {&(0x7f00000018c0)=""/230, 0xe6}], 0xa, &(0x7f0000001a80)=""/240, 0xf0}, 0x3}, {{&(0x7f0000001b80)=@rc, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c00)=""/57, 0x39}, {&(0x7f0000001c40)=""/161, 0xa1}, {&(0x7f0000001d00)=""/196, 0xc4}], 0x3, &(0x7f0000001e40)=""/179, 0xb3}, 0x2f5}, {{&(0x7f0000001f00)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001f80)=""/70, 0x46}, {&(0x7f0000002000)}], 0x2, &(0x7f0000002080)=""/97, 0x61}, 0x9}, {{0x0, 0x0, &(0x7f0000002180)=[{&(0x7f0000002100)=""/91, 0x5b}, {&(0x7f0000003800)=""/4096, 0x1000}], 0x2, &(0x7f00000021c0)=""/233, 0xe9}}], 0x6, 0x6, &(0x7f0000003700)) 04:52:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000035f3f000000000000000000"], 0x38) [ 803.959452] SELinux: ebitmap start bit (4153090) is not a multiple of the map unit size (64) [ 803.987853] SELinux: failed to load policy 04:52:08 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendfile(r3, r4, 0x0, 0x10001) [ 804.145998] SELinux: ebitmap start bit (4153091) is not a multiple of the map unit size (64) 04:52:08 executing program 4: r0 = openat$usbmon(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x41a11a1a3e5d88bc, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x24020, 0x0) tee(r0, r1, 0x0, 0x2) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cuse\x00', 0x2842, 0x0) io_setup(0x82, &(0x7f00000003c0)=0x0) io_submit(r3, 0x1d95, &(0x7f00000004c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 04:52:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000045f3f000000000000000000"], 0x38) [ 804.210766] SELinux: failed to load policy 04:52:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x68, r6, 0x10, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x6, @media='eth\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4040000}, 0x38b5751c350901ba) ioctl$SIOCAX25DELFWD(r3, 0x89eb, &(0x7f00000000c0)={@default, @default}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7b, 0x5, [0x9e], [0xc1]}) 04:52:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x800000, 0x1, 0x0, 0x8000000c5}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x100, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000100)=0x1e) r2 = dup2(r0, r0) memfd_create(&(0x7f0000000040)='/dev/dri/card#\x00', 0x2) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:52:08 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, 0x0, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 804.346472] [ 804.348162] ===================================================== [ 804.354404] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 804.361249] 4.19.75 #0 Not tainted [ 804.363334] SELinux: ebitmap start bit (4153092) is not a multiple of the map unit size (64) [ 804.364783] ----------------------------------------------------- [ 804.364799] syz-executor.4/21378 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 804.364806] 000000000e5ce9ee ( [ 804.376287] SELinux: failed to load policy [ 804.379633] &fiq->waitq){+.+.}, at: io_submit_one+0xef2/0x2eb0 [ 804.379659] [ 804.379659] and this task is already holding: [ 804.379663] 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 [ 804.379689] which would create a new lock dependency: [ 804.414429] audit: type=1326 audit(1569214328.722:5138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21377 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 804.415050] (&(&ctx->ctx_lock)->rlock){..-.} -> (&fiq->waitq){+.+.} [ 804.450843] [ 804.450843] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 804.458903] (&(&ctx->ctx_lock)->rlock){..-.} [ 804.458920] [ 804.458920] ... which became SOFTIRQ-irq-safe at: [ 804.469758] lock_acquire+0x16f/0x3f0 [ 804.474618] _raw_spin_lock_irq+0x60/0x80 [ 804.478864] free_ioctx_users+0x2d/0x490 [ 804.483011] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 804.488537] rcu_process_callbacks+0xba0/0x1a30 [ 804.493291] __do_softirq+0x25c/0x921 [ 804.497190] irq_exit+0x180/0x1d0 [ 804.500722] smp_apic_timer_interrupt+0x13b/0x550 [ 804.505645] apic_timer_interrupt+0xf/0x20 [ 804.509957] __sanitizer_cov_trace_const_cmp4+0xd/0x20 [ 804.515303] check_preemption_disabled+0x3a/0x290 [ 804.520215] debug_smp_processor_id+0x1c/0x20 [ 804.524778] delay_tsc+0x42/0xc0 [ 804.528216] __const_udelay+0x59/0x80 [ 804.532085] try_check_zero+0x201/0x330 [ 804.536134] process_srcu+0x329/0xec0 [ 804.540006] process_one_work+0x989/0x1750 [ 804.544308] worker_thread+0x98/0xe40 [ 804.548178] kthread+0x354/0x420 [ 804.551613] ret_from_fork+0x24/0x30 [ 804.555393] [ 804.555393] to a SOFTIRQ-irq-unsafe lock: [ 804.560997] (&fiq->waitq){+.+.} [ 804.561008] [ 804.561008] ... which became SOFTIRQ-irq-unsafe at: [ 804.570872] ... [ 804.570884] lock_acquire+0x16f/0x3f0 [ 804.576619] _raw_spin_lock+0x2f/0x40 [ 804.580491] flush_bg_queue+0x1f3/0x3d0 [ 804.584889] fuse_request_send_background_locked+0x26d/0x4e0 [ 804.590764] fuse_request_send_background+0x12b/0x180 [ 804.596024] fuse_fill_super+0x13b7/0x1720 [ 804.600331] mount_nodev+0x66/0x110 [ 804.604031] fuse_mount+0x2d/0x40 [ 804.607557] mount_fs+0xa8/0x31f [ 804.611005] vfs_kern_mount.part.0+0x6f/0x410 [ 804.615572] do_mount+0x53e/0x2bc0 [ 804.619207] ksys_mount+0xdb/0x150 [ 804.622815] __x64_sys_mount+0xbe/0x150 [ 804.627223] do_syscall_64+0xfd/0x620 [ 804.631357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.636958] [ 804.636958] other info that might help us debug this: [ 804.636958] [ 804.646040] Possible interrupt unsafe locking scenario: [ 804.646040] [ 804.652949] CPU0 CPU1 [ 804.657596] ---- ---- [ 804.662332] lock(&fiq->waitq); [ 804.665687] local_irq_disable(); [ 804.671724] lock(&(&ctx->ctx_lock)->rlock); [ 804.678732] lock(&fiq->waitq); [ 804.684624] [ 804.687561] lock(&(&ctx->ctx_lock)->rlock); [ 804.693091] [ 804.693091] *** DEADLOCK *** [ 804.693091] [ 804.699487] 1 lock held by syz-executor.4/21378: [ 804.704359] #0: 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 [ 804.713489] [ 804.713489] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 804.722586] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 938 { [ 804.728307] IN-SOFTIRQ-W at: [ 804.732693] lock_acquire+0x16f/0x3f0 [ 804.738143] _raw_spin_lock_irq+0x60/0x80 [ 804.743947] free_ioctx_users+0x2d/0x490 [ 804.749658] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 804.756751] rcu_process_callbacks+0xba0/0x1a30 [ 804.763167] __do_softirq+0x25c/0x921 [ 804.768615] irq_exit+0x180/0x1d0 [ 804.773798] smp_apic_timer_interrupt+0x13b/0x550 [ 804.780285] apic_timer_interrupt+0xf/0x20 [ 804.786174] __sanitizer_cov_trace_const_cmp4+0xd/0x20 [ 804.793087] check_preemption_disabled+0x3a/0x290 [ 804.799670] debug_smp_processor_id+0x1c/0x20 [ 804.805801] delay_tsc+0x42/0xc0 [ 804.811065] __const_udelay+0x59/0x80 [ 804.816533] try_check_zero+0x201/0x330 [ 804.822259] process_srcu+0x329/0xec0 [ 804.827717] process_one_work+0x989/0x1750 [ 804.833591] worker_thread+0x98/0xe40 [ 804.842779] kthread+0x354/0x420 [ 804.848497] ret_from_fork+0x24/0x30 [ 804.853840] INITIAL USE at: [ 804.857032] lock_acquire+0x16f/0x3f0 [ 804.862381] _raw_spin_lock_irq+0x60/0x80 [ 804.868080] free_ioctx_users+0x2d/0x490 [ 804.873712] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 804.880940] rcu_process_callbacks+0xba0/0x1a30 [ 804.887168] __do_softirq+0x25c/0x921 [ 804.892523] irq_exit+0x180/0x1d0 [ 804.897534] smp_apic_timer_interrupt+0x13b/0x550 [ 804.903929] apic_timer_interrupt+0xf/0x20 [ 804.909718] __sanitizer_cov_trace_const_cmp4+0xd/0x20 [ 804.916546] check_preemption_disabled+0x3a/0x290 [ 804.922939] debug_smp_processor_id+0x1c/0x20 [ 804.929072] delay_tsc+0x42/0xc0 [ 804.933988] __const_udelay+0x59/0x80 [ 804.939339] try_check_zero+0x201/0x330 [ 804.944881] process_srcu+0x329/0xec0 [ 804.950230] process_one_work+0x989/0x1750 [ 804.956011] worker_thread+0x98/0xe40 [ 804.961382] kthread+0x354/0x420 [ 804.966383] ret_from_fork+0x24/0x30 [ 804.971725] } [ 804.973517] ... key at: [] __key.50217+0x0/0x40 [ 804.980248] ... acquired at: [ 804.983351] lock_acquire+0x16f/0x3f0 [ 804.987312] _raw_spin_lock+0x2f/0x40 [ 804.991534] io_submit_one+0xef2/0x2eb0 [ 804.995667] __x64_sys_io_submit+0x1aa/0x520 [ 805.000235] do_syscall_64+0xfd/0x620 [ 805.004195] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.009536] [ 805.011146] [ 805.011146] the dependencies between the lock to be acquired [ 805.011150] and SOFTIRQ-irq-unsafe lock: [ 805.023056] -> (&fiq->waitq){+.+.} ops: 412 { [ 805.027982] HARDIRQ-ON-W at: [ 805.031251] lock_acquire+0x16f/0x3f0 [ 805.036690] _raw_spin_lock+0x2f/0x40 [ 805.042125] flush_bg_queue+0x1f3/0x3d0 [ 805.047753] fuse_request_send_background_locked+0x26d/0x4e0 [ 805.055198] fuse_request_send_background+0x12b/0x180 [ 805.062719] fuse_fill_super+0x13b7/0x1720 [ 805.068700] mount_nodev+0x66/0x110 [ 805.073964] fuse_mount+0x2d/0x40 [ 805.079053] mount_fs+0xa8/0x31f [ 805.084068] vfs_kern_mount.part.0+0x6f/0x410 [ 805.090286] do_mount+0x53e/0x2bc0 [ 805.095549] ksys_mount+0xdb/0x150 [ 805.100730] __x64_sys_mount+0xbe/0x150 [ 805.106357] do_syscall_64+0xfd/0x620 [ 805.111811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.118632] SOFTIRQ-ON-W at: [ 805.121908] lock_acquire+0x16f/0x3f0 [ 805.127517] _raw_spin_lock+0x2f/0x40 [ 805.133061] flush_bg_queue+0x1f3/0x3d0 [ 805.138845] fuse_request_send_background_locked+0x26d/0x4e0 [ 805.146368] fuse_request_send_background+0x12b/0x180 [ 805.153210] fuse_fill_super+0x13b7/0x1720 [ 805.159088] mount_nodev+0x66/0x110 [ 805.164368] fuse_mount+0x2d/0x40 [ 805.169484] mount_fs+0xa8/0x31f [ 805.174520] vfs_kern_mount.part.0+0x6f/0x410 [ 805.180739] do_mount+0x53e/0x2bc0 [ 805.185920] ksys_mount+0xdb/0x150 [ 805.191102] __x64_sys_mount+0xbe/0x150 [ 805.196719] do_syscall_64+0xfd/0x620 [ 805.202418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.209262] INITIAL USE at: [ 805.212474] lock_acquire+0x16f/0x3f0 [ 805.217848] _raw_spin_lock+0x2f/0x40 [ 805.223199] flush_bg_queue+0x1f3/0x3d0 [ 805.228730] fuse_request_send_background_locked+0x26d/0x4e0 [ 805.236163] fuse_request_send_background+0x12b/0x180 [ 805.243012] fuse_fill_super+0x13b7/0x1720 [ 805.248884] mount_nodev+0x66/0x110 [ 805.254059] fuse_mount+0x2d/0x40 [ 805.259468] mount_fs+0xa8/0x31f [ 805.264388] vfs_kern_mount.part.0+0x6f/0x410 [ 805.270521] do_mount+0x53e/0x2bc0 [ 805.275610] ksys_mount+0xdb/0x150 [ 805.280699] __x64_sys_mount+0xbe/0x150 [ 805.286223] do_syscall_64+0xfd/0x620 [ 805.291604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.298371] } [ 805.300340] ... key at: [] __key.42217+0x0/0x40 [ 805.307186] ... acquired at: [ 805.310298] lock_acquire+0x16f/0x3f0 [ 805.314604] _raw_spin_lock+0x2f/0x40 [ 805.319448] io_submit_one+0xef2/0x2eb0 [ 805.323586] __x64_sys_io_submit+0x1aa/0x520 [ 805.328155] do_syscall_64+0xfd/0x620 [ 805.332115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.337466] [ 805.339078] [ 805.339078] stack backtrace: [ 805.343587] CPU: 0 PID: 21378 Comm: syz-executor.4 Not tainted 4.19.75 #0 [ 805.350518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.359941] Call Trace: [ 805.362559] dump_stack+0x172/0x1f0 [ 805.366179] check_usage.cold+0x611/0x946 [ 805.370329] ? check_usage_forwards+0x340/0x340 [ 805.374986] ? unwind_get_return_address+0x61/0xa0 [ 805.379908] ? check_noncircular+0x20/0x20 [ 805.384131] __lock_acquire+0x1e8c/0x49c0 [ 805.388265] ? __lock_acquire+0x1e8c/0x49c0 [ 805.392574] ? mark_held_locks+0x100/0x100 [ 805.396818] ? mark_held_locks+0x100/0x100 [ 805.401061] ? add_wait_queue+0x112/0x170 [ 805.405202] ? find_held_lock+0x35/0x130 [ 805.409253] lock_acquire+0x16f/0x3f0 [ 805.413043] ? io_submit_one+0xef2/0x2eb0 [ 805.417194] _raw_spin_lock+0x2f/0x40 [ 805.420981] ? io_submit_one+0xef2/0x2eb0 [ 805.425115] io_submit_one+0xef2/0x2eb0 [ 805.429081] ? aio_poll_complete_work+0xfa0/0xfa0 [ 805.433908] ? __might_fault+0x12b/0x1e0 [ 805.437963] ? aio_setup_rw+0x180/0x180 [ 805.442656] __x64_sys_io_submit+0x1aa/0x520 [ 805.447065] ? __x64_sys_io_submit+0x1aa/0x520 [ 805.451640] ? __ia32_sys_io_destroy+0x420/0x420 [ 805.456388] ? do_syscall_64+0x26/0x620 [ 805.460370] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.465805] ? do_syscall_64+0x26/0x620 [ 805.469941] ? lockdep_hardirqs_on+0x415/0x5d0 [ 805.474695] do_syscall_64+0xfd/0x620 [ 805.478584] ? do_syscall_64+0xfd/0x620 [ 805.482548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.487811] RIP: 0033:0x459a09 [ 805.490993] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 805.510147] RSP: 002b:00007faf31b5ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 805.517855] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09 [ 805.525287] RDX: 00000000200004c0 RSI: 0000000000001d95 RDI: 00007faf31b3c000 [ 805.532641] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 805.539907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faf31b5f6d4 04:52:08 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000055f3f000000000000000000"], 0x38) 04:52:08 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x6, 0x4000) r1 = dup2(r0, r0) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000180)) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000001340)={0x1, 0x2, 0x1000, 0x1000, &(0x7f0000000340)="e1daeb25f1914ef532a1c3613b4edc6632f299626bcecef7ec30131cbee07953c3ed45fc9747c6083b66ec5467ace9be56debc701f248aa77f9680dd0889ecafc109d387ed4ad6e234db05fa59848fd9b8d6a89891db6eb117349a2565859e5e6f2a56a419f4007a988a35b329c8bd0d17be3afddb71182c5cff08c3152660d917dceece70b48c0802a915dfdc682476b28940bf55acc98b1f14b45a5bfd4fb9913839d7b84f1c22e5267455febb6c0b8d06df12e413cd06ea8e2a1a80818de8a470647d86671aeb365b21fcbb92397542f7bfc10bdd064c1b5874db6d8f653cd23f641d20f521df030d0c161790037b00cb720157b76eb56984a285b32fcf49c2a1cc2182609ec8126d8874c86b735ce36b3851921d51be198e07fb8afc8d6005c1edb5d1686448bf307eba80e2b34d52f08735750f46d1bad0ce4cb60e3678a9b748717c285ce6e8066fc534346a0204852911d36e9fcbe9fc01b6a23b0eeb3fc3b79a439b0b3a351c58f8276da87d8796a71209917dafcbfe12da77a5f70d4fb87d8ae43412e3f83063dfd31d6a28937c812af5927f638de99a62671f900ce22f6e56c8ef6634498cce8f48a8d12cea69fc616299dfcc919e4c8800d46855c8d6aeefcd4d734290db0076e2cc166ab15ad9a9b67fd09f100c66c035ae36a6a8f65ebe1913df165146a056220fb208409e47b02dec8a644cef0fdc5157a03dec0deb203933ed0fd6658a8d5a4746801fd913c9ecb3fa2a098309b4c9889222215b229e2216d2bd8ff99a9401e132a88551b741dfec7c0407ef154ccc8c83833c3ecfee581eb1f166cdab964a5850cb7a61d17e7692e33f603f067e71d7e94cdcf0ab1aa32163d16dac5e3d057ea140ded92522691292f86a493816d9a0c06b6bcd933f5acf9ab815b853798661634eeb0c289dae6fdc917a790e6c68c0cd2c3167046e74cc74b43e92e4f4e7f7f848e38ac8ff3136a17e69e4b23315e6064056400e165563137856c7527550bee17f1303d38a61e679d041999f159c42a52d479f29495d4388d34925eb43285a24e82fe8b5b46ae39ffe2a06a0fc5471c844417a76ffff4a0f708ac0440e98be622d44cb20cf330739d89e01800b0ee82febf184569a30079f30862a7fc44602fed519e01d2d7c2863ee1604d50723671e04e7e96fd73701cc801113052cdcd008834eaf3f27a5c7d41a7608525fc61aa2126d468354de145af6ace8b4cfeae434cdb815413d37f4e07c6074a8e83a93dfa701cc8ff78ace5a5128e804b9f88cee135bf303094fa1a15488e4040988bcda0d05347ea5c50a55c498e93e42a1d3c2d2b15a78d8dd14975db14049872ff5e2380c9a250c9b3c71d69ac1ddd9a0bd648ed7fe5317a7d213df7769a1ca1a48cc3137918db8be73c97201a5797233076b39aac8c91edcdda715bce3875262b86607189d3e7ea4d117e98bf895e8a4259db2ad3ddbd998df16a00ed64845e200132b04f2bbed1da749cab39e7762d72553e145cb2d0d1a00a6af3cecebb5737ca9a6cb789f37415b3eb434b75bf716d5705ea32f999cc4c165186f21ef57837d0ef49039d0795b92d6ab800196ada60d9ac2ec810f6f08d83f6479b69c7d587c075529dab364540ab27076fa09aac96c3b65f8b90e6ee407d261403d35d0467c0f2b512be15c2700920721347b4f62d888546ed6b2f437a94ab6049f68af198a209fc25d751cfa40e6050a0f7e4f06d135c11232bc8e1e2d35dc20d3d8b67a6128d05c6b3eaee7418b2997cbe3282b7e96b83d602e3c279a0544eb0f12e13201339ca1ae373eea5092e5a8a1d76f4a5b014991e19d70b4454f81cd3d2caacfab66f4f3bb53313dac576d67614c9903c37f262ed77d1cd496778b6452b414a57d529a806f148b50a3d4f0d52830140f9865d88f812d0a1ae15a69bad4b3af68de19b1d8192e99e6d332efd8b42f8715e6ab52c0b0090380956a75ac000ca595d6f88c46421b3f77a708c58ef97ae380565120364607308cb7f8c9744b022c11e871234e6791456fb088e375466911a04eff5ddb91528623fb1b09107493416904ebf59af12b9009929ff79eb86e52944e58d8b4049aad11dbbd467ab2f8b8e2e579378da12a475c787f5dc5248dd142687484c360758d4f8895130e9cd46be5058b9cecbc06f3467d5f9e2d2951b3b5f5d3e5f71a86145382ae4426f22807642d930ee4b6ed38ad261cea43aa16cd68343a3ef346d2fb04518ccfd7092b66e1d0f4b7b7bc8f3b909d097831ddc5e71c11b7fd634a8ef169f7b890d35d7b92cd769f7e76ceffd1db31cae66250bd58d40691c6eeb4f3c778fd7440c521f911882811af447c9e26abca601e132363e4cae9b83e57745036401d5745b27aafed6029fd1d98d67e498ccb6c2d80cf42190181461452e8045507d5c8f704659ded8eaf439096ab0bae19faa69b0aa721394f04c6d776aa61336948f619ad3b36c7cf9ba481b26868efb7c34b3341835dc2241e4b72f09c0f0e4f2edac09bfaf5d34d5193c6b0a4bc9c8ee190b74789eb36446d5af9739fb03e9d9133633d95d96b3ed69495436c3680553987b854a4412ed99aeea540a1450c66e2023dbe1b60902e910496a931f4b93c8f7a239aba3156e478883218e5f8b7d695e1f48743bff7e94fad58ab9a897941fcdd6132abccc5eecec0315f143fb4172bb398238ffb8d033afb848242e53073d06bdca112bafdd5084f4087c19972bd2256c471c73809621d8338ad6c00a1d9140e2c6ee28ebe85c5028d9ec6e0982ae7352701347fabf71b321f2e8182eb293ac4a1ab33ecb2d339010341a0af8c43846f539c174cb71047900d1a92ead8db720e8513281fb61d20bbdac8ba99f5a7b08dc07f43af6eaa964299da81e27fbed7114f06050c96214caf6e58032be098aaeba12cdacb553b2f62f4eb9e30b9d03c88d21bace86db996ae499add19475b1280026b4c5c241452d17c466ae9a184e540c7614beca3f9a315c7f71ebf4342d2a289c06e26165c6f1475ee1fd93f3435330f1ed9f675edbc35a57232afdcfbf04103535bb330f281dca4e84c4cecda3416f6423a5c63c13d78eeca543de981ff9f42e5cc789ccdcabf06fd16fd2910c69b87a136af541a191ae6833b5d6a9992a5e189e9755b352543785b9d97bccaf4cd9778bf8c53b289e121d42148fae99e7b8ac3a54575dbe4e9467fdfc65a56a3a28276fffb17a0c885e7826ac82bf632b8c0ffc2157fdf1b3e54b1460426c113dd0d90c25cb1eff1ab9582ded7e95487cf16b4a4f29a4564dd461a63b144da3f45f5484d141a590207d99f4cd29902c655360e5273b7085d1861b203cdd10ba746c185c80f81425fc5c218567938cf5fa5dcc2561e39f48d6ac66bb3bb4d25d389ea12aba56a84b66987149f5d76d1689871a5f744354b82527812a8b3051683a995a8958a8dcae1271d462d59b2cedd71d412a3cb8bf4c6d42220bf0e7a79fc2339fd17235d1456fdd8ecf5ced3bff2bb23ca612e98a4c871c5810cb59f6676f4d88d55af632af556a38d9a51aee87d8cf127734d8f8ead0d6364b951bccb547a1d9c7da21a7d2a2470081852847dac67144aaf095d3424013253830ba240045e26a38e819b45e2a8dc1a91de2e0df63bdf410f6d54cc2210d91604ca012419297b4aa157c5d446681ee6c9f0f4c94992e20d95052561e910216b8924ad0c114b685e2d0891d8c438e01c4bf974829868c5053437b91885f99f44fad63710e1aface1ceed4086a4fcc2c9979354f71174b6c5de01e19ae7ab542544592eb3593ab41e8d65fdcbfacbec562bef0e17968615e204b99ee09c5d6e882fcedd980fa5d320ff46c42f0a8dcb41df03514c1c85e4a8232e80cd29cbebf7c6350208f301d9fdc1d61b55d96de4f831e8b18fa77a47334186a1e5079a3ef0d9872ce3fe74cf2b83d60ecd079cd8b8a2a3d3bc6b9760e9151a70e53d3121870542624a1934094afa0323774e0b846eb0eda435e5e6e70f19e9b6c0885a0379b24ea823db8eb39fce631fddae43e5fb5effb39f9fa3ec20901632aabd8ce7fead2346976ccc09e209aca5ede7d0928b34b41be0c4d24b2b74ade8ac1619e9272071ba8860a5f88762e626aac31a7c7d1ce42bbfe0f76451d46932a463ea16267adb6e943d07bd04d9f95ae3a1c04aa1f8de5cf40990480691456e5be35c7df023fdfab65e580bdef186fcfea55e76c501689d3d3eeb672a3e393b5199d0f97ffd2d2825d606988f4e8db23637b0df8b553d066ba164a7d141f6229da7527f8dab36ff35383d22dcbdce51830d24e06b498c560954d38772f60fcbd5a129bc97c71c1dcfe0a494770d732fc6e2151d1755d90155063cfe6a7893a8ece8148d912350541b29be743dbf7d13ac172be79ecb613626b0ccb526ec5ef2cdeb12a89f4d1bcb071abc406ac3ab945dcf2e95005031a1f3ff8017b9eb67e0caef19241597d6f41f3eea75d9ac10f2ca54f2347b054f7fb1c33fe708f5b6b249bb9d3081471d0844e85b4206a89a3d790d82d0e0166ea5b82720145309fe5a43f4c32bd4c6a5ea6d4072ee760f231d3393c479c9e9987f931e235d4015aa9e81f844a2709b39787feceacd35177ebfdf4d5c999112512539998ccb76912f2799e28cd624e483f060a5558334363fc21c6894a8ab7dba4e95bb4d1f27955caeede17cad0f3a272565ae27f386b9bb3ed5636c6b9b9a19683954c44db7a68e415891ce0de44d58e1f457df3ac04194e88259cd0dbe7ad4dffc9571f2b5c460621b46561bc125f744359b7ff738fdfb2bf969c3cb4a4320d7369e7ba656843390d18ef1b59a42b37cba2709cb12bd0fde2fd57388d5033c0cda0626fa8fc263d17a25586ce7c9ae725b3f76deb66c1594608ca0988f80fabda7e8d57cd21ddb44fb06f5807e035d06118531021dffafec4214864f5f89e185ae3f8b9d6323f7cf334d7deb993ba320e03917abbf263c55619b74c2be55c7f85977513ca19e492323ca6482136d81e663405790a56feb13c95a2d2dce034178faf1ee5c147aa49aa579e684cca97770aceec62b10ad915b544c5741ae77d8646351165132bff50dd7a65dec68c9c33e3f3fec549c4458c478087159622154c38359feb17bb6633190d4d95ab8f579091839b84daf8415e4704026c2644e7b01990922f2ee48c8d0cd23265a926660efb7db33f3b3c9b3f972e6ab080a73440982f7267343a665fbc7446204ac25575736987a64b90cd610e8a60df6384800d52227f49dcb145ee27f73353fe6aa4b02d863293f407db13813299bf5d1afa55006929ceaed85e079db5c389ce6367e01c499b5644a7315c2242681f8f1e9bb55e41f211fa076d98510ffccf509dc5d0ce1b5b957e53bdcc330a59b44998212390d8355aa9aa3ca2e078c8501f374eeaeb86cdf646b3897d72e6af2b06d65290b8fd04b0641bb4b135498efc8dde7f057514e1e4c69b17fd45b343feefebaeefdd8cb0b63e5cb6cf2a704df963ee612b569d8dc33e7bb78809a247d84d772430fc46659dfe30c3302c5eced36fc8c73e1b0c0fda8acaa869e343a8ec1f4accf99447b28ea99410a0c8b40f49056635538606231e6b5d78fe7549451207e810554eca78b30281a6ff2563ec2cf1c308d3570a21f2d9bc63f574c433e7f82068282a1530a7fc4730e82c604df3638852c5f780f5dafa7fc63104e4fe40ea022435807eb944427ae4490e87c9269c29f5b16945afed78bb50b3a12b1985c76049a05f4b7318c74c080d8c9252619", 0x88, 0x0, &(0x7f0000000040)="23be3f8573aa49900c438edbe58bd5fa9ded430a42876308cb25ab558ceb11850944a67c0b2d7d11adaec85aae1da5e049cfa28ac0ebb3d4a29fbfb6535b80a0513e305cb0d2d0df364cd431ae997f5e0ca65735f1ad8c561ef981a84a2e4fe3f0fd8b926a8c7568874e1d2e9caed4f0d732c6122f68a1b75d449126f68bb8eb0ed831cfc42ff206"}) [ 805.547372] R13: 00000000004c0dea R14: 00000000004d3f98 R15: 00000000ffffffff [ 805.555498] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 805.567752] audit: type=1326 audit(1569214329.952:5139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21377 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 805.571865] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:10 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendfile(r3, r4, 0x0, 0x10001) 04:52:10 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000065f3f000000000000000000"], 0x38) [ 805.610295] SELinux: ebitmap start bit (4153093) is not a multiple of the map unit size (64) [ 805.640045] SELinux: failed to load policy 04:52:10 executing program 3: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f00000000c0)) [ 805.664686] audit: type=1326 audit(1569214330.042:5140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21406 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 805.695142] kobject: 'kvm' (00000000497f3038): kobject_uevent_env [ 805.701885] kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 805.720377] kobject: 'kvm' (00000000497f3038): kobject_uevent_env [ 805.726768] kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 805.745380] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 805.753856] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f00000000c0)) 04:52:10 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) connect$netrom(r12, &(0x7f0000000080)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) [ 805.781682] SELinux: ebitmap start bit (4153094) is not a multiple of the map unit size (64) [ 805.790508] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 805.793459] SELinux: failed to load policy [ 805.812922] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f00000000c0)) 04:52:10 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, 0x0, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 805.830264] kobject: 'kvm' (00000000497f3038): kobject_uevent_env [ 805.836703] kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 805.859692] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 805.874486] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 805.909200] kobject: 'kvm' (00000000497f3038): kobject_uevent_env [ 805.912308] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 805.932899] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 805.944351] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env 04:52:10 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) connect$netrom(r12, &(0x7f0000000080)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) 04:52:10 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000075f3f000000000000000000"], 0x38) 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f00000000c0)) [ 805.947944] kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 805.953659] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 805.992914] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 806.033903] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 806.073124] SELinux: ebitmap start bit (4153095) is not a multiple of the map unit size (64) 04:52:10 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, 0x0, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$BLKIOOPT(r3, 0x1279, &(0x7f00000000c0)) [ 806.091767] SELinux: failed to load policy [ 806.100274] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 806.107283] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 806.119094] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 806.126092] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 806.136081] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 806.142954] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 806.155702] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 806.163591] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 806.346834] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 806.354637] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:10 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendfile(r3, r4, 0x0, 0x10001) 04:52:10 executing program 3: r0 = getpid() tkill(r0, 0x1000000000015) capset(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000140)={0xfffffffffffffffe, 0x8001, 0x0, 0x0, 0x2000, 0xfffffffffffffffc}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) r3 = geteuid() lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r6, 0x0) r7 = getpid() tkill(r7, 0x1000000000015) r8 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000008c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r9 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r9, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0xc, 0x80010, r9, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000900)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r12, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000180)='./file0\x00', 0x400, 0x0, 0x0, 0x20000, &(0x7f0000000b80)=ANY=[@ANYRES64, @ANYRESHEX=r13, @ANYBLOB="2c747970653da0"]) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000940)={0x0}, &(0x7f0000000980)=0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r15, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r16, 0x0) lstat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r18 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) getsockopt$sock_cred(r19, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r20, 0x0) r21 = getegid() r22 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r22, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r22, 0x0) r23 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r23, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r23, 0x0) sendmsg$netlink(r2, &(0x7f0000000b40)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000840)=[{&(0x7f0000000180)={0xe8, 0x17, 0x8, 0x70bd2c, 0x25dfdbff, "", [@nested={0xd8, 0x68, [@typed={0x8, 0x40, @uid=r3}, @generic="f864311bab1022a092e4445bd5e2b3015e214c15f1f03edef5c3221dede5fdc19a4180b389f9e5f70644881b50f208e855ef55dbf318eb48112417c8b69a7dcd40ef84b0fb706714870a80432c55a495d32936ece8787e0d553e6a1b7acbe2d340531ebc3899974097dc8533737aa4eccdd96507a90c4a8eab4100dcf88d40574c6254f807816de1c6188b50846efbbb3ff192c3a8dfd2a926cd1292bbbba04c8c6102941d5cb145c04cf0554aeccdea543a3d3ccb2d80f89e3eaab06084a7ca1567599250a2a4c2f7"]}, @generic]}, 0xe8}, {&(0x7f0000000080)={0x44, 0x35, 0x20, 0x70bd28, 0x25dfdbfd, "", [@generic="c99a1bd9f472a272aaa3604e8bd0fba1522b4cb87f8b9db75cc2133c92cf3c3e178e5f34ef7a03489cef4bf4d586e5a8da92cd33"]}, 0x44}, {&(0x7f0000000300)={0xd8, 0x42, 0x10, 0x70bd27, 0x25dfdbfb, "", [@nested={0xc8, 0x6c, [@typed={0x8, 0x1f, @uid=r4}, @typed={0x8, 0x5c, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic="447c26fc353ae9338ff6dc08e6775a86b66cac42d529a6ece18471ffe0a4ecbc9c9e557ce91c19262d72f424660fe02d053afcf933673b4bd1612dc6ebaf936bd34b0b9f6fa307cd8a149b3ba1b62188fa0bcd1c8a5c948f4c5799914f492cbd3cd2973875569d00bcb72b5b408ea88eeb83e3a7d874d50c0173bf994cfb34e8be540aa791898ee0421c862032a90b032d6eedb7913abbe90267b0544e97daa0fd805e2f7eefa00eaf46c230eb59ebb4e7"]}]}, 0xd8}, {&(0x7f0000000400)={0xdc, 0x35, 0x1, 0x70bd25, 0x25dfdbfd, "", [@nested={0xa0, 0x1f, [@typed={0x8, 0x48, @uid=r6}, @typed={0x8, 0x7c, @pid=r7}, @typed={0x8, 0xe, @str='GPL\x00'}, @typed={0x8, 0x34, @u32=0x3}, @generic="858bdc349aa3f7d3653b4a3100e68af480091a99e638a0e52235e628260e2be72889fca2115db99ec091427bc15da5fac35d1a5693e536bb8ee5f5bd549be750d0a3c963b6a108bd521dbb13f86caf23c90a60bd4a816ac9b554b017d987c00daef3b71020f65974cdaba297895ae80e7a3a47244ab90635ddeb07"]}, @generic="1d68708c4d514f12a4274bcdce5f2bb9265e7f94e8638afc7eaad4f1b82c6fe2a1c697a2456ce6c8b3d8"]}, 0xdc}, {&(0x7f0000000500)={0x308, 0x33, 0x20, 0x70bd2a, 0x25dfdbfc, "", [@typed={0x14, 0x72, @str='/dev/dri/card#\x00'}, @typed={0x60, 0x87, @binary="e2ee351709a28a3f0ab26305a1eaed381803099d08dd71be37c6d0ffb6a61bc7c9769a248afd345e8761a678e10c6ad3aa17dfef28681beff61f24cf073b245da0e00d963e5e8eea8750f431d61e43c6095ec0abf9c2e5f21d3b"}, @typed={0x70, 0x3, @binary="72d96004e543337bfc2f5f5dd0e85400f32a6a0575bd89c83ed7ab3483ac4a77859bcc681196d6dc7a58327636c3bf22565fddd30f3d3858699fbaf3b49faa7b456d8bfe82cb00eecfec6cd2a804c0e519fcc20dbda4d4280bbf4b02cb0d9e8478ecd19e8367dcfcfb"}, @nested={0x10, 0x18, [@typed={0xc, 0x14, @u64=0x6}]}, @generic="89cfce578132515cbe8086dd7374c72321cb3562dbbe605718fad889726372019d753d210d16ee5522aa6a4a16bf7f9b67e891889312659bc06a3df6566baa63586894c2815496b5bc8b9b8ec7545f0fa3c0864b366a5b965a934e23cf648151d2e73dd25bde02b6a18e0057eeab5dc9c06515280730cb1b571ff0664b2d24c13e4dcda1e4c1ed69dba2fe729c35d4bc4f48db294153b4379d5ecf857f069fa019b55d2e7a22dc3469363ef88fb5664f4a36bcffaf3e5a9d44efa64adf5c80e56cf7d718fae236b41245a53ea287e2926702bc7cb4e22a2643ec11b5bdc6", @generic="ac917b287a5efa37bdc14d834c8ee805d2a5b14f4fa732aa77c2a58a62d5e31ef8eeac3fdd4f1c0fdf154b6a8f85dd979005ac4289ddd286dbe9f66ac1c51635c5f38130a91e8c103f58571e5bc7fdfe1c201113c5425e37c37001ec5b2c", @typed={0x8, 0x2a, @ipv4=@broadcast}, @generic="1ce9203ffd00a906a6bd38b8f4644a446d9cdbceae43b830de5c6471bdbd32e8af61daa63197aa7a98b4491419c043194062a00f636aaa524e410a3969233590ae9d11fd2377e469946b5b5b11f4d9d75df9fddc4c9e5cb2aed45833a360057abf7c9e2a6ea754dabace5a2f7373c8c4297fdfaa9725687a82080eff069607d499681b4d2384b27a0bcb5eacb9af7bb77e9fa76d25c6e3feebdb12b2137a44df3b20c33be44d27ea69265dfe0a45af425c19eb5e25bfe14cfee4c5866af1cc"]}, 0x308}], 0x5, &(0x7f0000000a80)=[@rights={{0x1c, 0x1, 0x1, [r8, r9, r2]}}, @cred={{0x1c, 0x1, 0x2, {r10, r12, r13}}}, @cred={{0x1c, 0x1, 0x2, {r14, r16, r17}}}, @cred={{0x1c, 0x1, 0x2, {r18, r20, r21}}}, @rights={{0x20, 0x1, 0x1, [r2, r2, r22, r23]}}], 0xa0, 0x20004089}, 0x4) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) 04:52:10 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000205f3f000000000000000000"], 0x38) 04:52:10 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) connect$netrom(r12, &(0x7f0000000080)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f00000000c0)) 04:52:10 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340), 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 806.477455] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 806.483407] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 806.483930] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' 04:52:10 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f00000000c0)) [ 806.527126] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 806.533170] audit: type=1326 audit(1569214330.912:5141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21469 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 806.561025] CPU: 0 PID: 21464 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 806.568075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.577445] Call Trace: [ 806.580047] dump_stack+0x172/0x1f0 [ 806.583708] dump_header+0x15e/0xa55 [ 806.585664] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 806.587429] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 806.587444] ? ___ratelimit+0x60/0x595 [ 806.587456] ? do_raw_spin_unlock+0x57/0x270 [ 806.587471] oom_kill_process.cold+0x10/0x6ef [ 806.587486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.587498] ? task_will_free_mem+0x139/0x6e0 [ 806.587515] out_of_memory+0x936/0x12d0 [ 806.605527] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 806.607416] ? lock_downgrade+0x810/0x810 [ 806.607430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.607444] ? oom_killer_disable+0x280/0x280 [ 806.607464] mem_cgroup_out_of_memory+0x1d2/0x240 [ 806.607476] ? memcg_event_wake+0x230/0x230 [ 806.607492] ? do_raw_spin_unlock+0x57/0x270 [ 806.663921] ? _raw_spin_unlock+0x2d/0x50 [ 806.668196] try_charge+0xef7/0x1480 [ 806.671960] ? lock_downgrade+0x810/0x810 04:52:11 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340), 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 806.676383] ? get_mctgt_type+0x8f0/0x8f0 [ 806.680815] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 806.685842] ? percpu_ref_tryget_live+0x111/0x290 [ 806.690814] ? get_mem_cgroup_from_mm+0x16/0x320 [ 806.695682] ? get_mem_cgroup_from_mm+0x156/0x320 [ 806.700600] mem_cgroup_try_charge+0x259/0x6b0 [ 806.705195] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 806.710217] wp_page_copy+0x430/0x16a0 [ 806.712890] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 806.714613] ? pmd_pfn+0x1d0/0x1d0 [ 806.723988] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 806.724820] ? kasan_check_read+0x11/0x20 [ 806.738491] ? do_raw_spin_unlock+0x57/0x270 [ 806.743088] do_wp_page+0x57d/0x10b0 [ 806.746810] ? lock_acquire+0x16f/0x3f0 [ 806.751056] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 806.755821] ? kasan_check_write+0x14/0x20 [ 806.760163] ? do_raw_spin_lock+0xc8/0x240 [ 806.765827] __handle_mm_fault+0x2305/0x3f80 [ 806.770257] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 806.775136] ? count_memcg_event_mm+0x2b1/0x4d0 [ 806.780184] handle_mm_fault+0x1b5/0x690 [ 806.784272] __do_page_fault+0x62a/0xe90 [ 806.788624] ? vmalloc_fault+0x740/0x740 [ 806.792898] ? trace_hardirqs_off_caller+0x65/0x220 [ 806.798006] ? trace_hardirqs_on_caller+0x6a/0x220 [ 806.803053] ? page_fault+0x8/0x30 [ 806.806702] do_page_fault+0x71/0x57d [ 806.810515] ? page_fault+0x8/0x30 [ 806.814066] page_fault+0x1e/0x30 [ 806.817529] RIP: 0033:0x40eba8 [ 806.820938] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00 [ 806.840390] RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246 [ 806.845850] RAX: 00000000d696adb4 RBX: 00000000a4e9e534 RCX: 0000001b30a20000 [ 806.853212] RDX: 0000000000000000 RSI: 0000000000000db4 RDI: ffffffffd696adb4 [ 806.860658] RBP: 0000000000000002 R08: 00000000d696adb4 R09: 00000000d696adb8 [ 806.868107] R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8 04:52:11 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) connect$netrom(r12, &(0x7f0000000080)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x8}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) 04:52:11 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f00000000c0)) [ 806.875540] R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000002 [ 806.886599] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 806.904937] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' 04:52:11 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340), 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 806.924067] Task in /syz0 killed as a result of limit of /syz0 [ 806.930589] memory: usage 307200kB, limit 307200kB, failcnt 4655 [ 806.931521] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 806.946737] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 806.956622] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 806.962035] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 806.963897] Memory cgroup stats for /syz0: cache:0KB rss:225400KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:225488KB inactive_file:0KB active_file:0KB unevictable:0KB [ 806.997123] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 807.005101] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:11 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f00000000c0)) [ 807.027394] Memory cgroup out of memory: Kill process 15799 (syz-executor.0) score 1113 or sacrifice child [ 807.048529] Killed process 15799 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 807.060144] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 807.066601] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 807.090049] oom_reaper: reaped process 15799 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 807.109450] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 807.127415] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 807.145967] SELinux: ebitmap start bit (4153120) is not a multiple of the map unit size (64) [ 807.159987] SELinux: failed to load policy [ 807.164563] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 807.171424] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 807.225568] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 807.232437] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:11 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendfile(r3, r4, 0x0, 0x10001) [ 807.326665] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 807.333239] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 807.346031] audit: type=1326 audit(1569214331.722:5142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21499 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 807.587173] net_ratelimit: 10 callbacks suppressed [ 807.587180] protocol 88fb is buggy, dev hsr_slave_0 [ 807.587208] protocol 88fb is buggy, dev hsr_slave_1 [ 807.592209] protocol 88fb is buggy, dev hsr_slave_1 [ 807.607665] protocol 88fb is buggy, dev hsr_slave_0 [ 807.612704] protocol 88fb is buggy, dev hsr_slave_1 [ 807.617809] protocol 88fb is buggy, dev hsr_slave_0 [ 807.622929] protocol 88fb is buggy, dev hsr_slave_1 [ 807.667173] protocol 88fb is buggy, dev hsr_slave_0 [ 807.672308] protocol 88fb is buggy, dev hsr_slave_1 [ 808.147146] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 808.153789] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' 04:52:13 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = dup3(0xffffffffffffffff, r0, 0x80000) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0xff) 04:52:13 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r12 = dup2(r11, r11) ioctl$TIOCGSOFTCAR(r12, 0x5419, 0x0) 04:52:13 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f00000000c0)) 04:52:13 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855010000003f5f3f000000000000000000"], 0x38) 04:52:13 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:13 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) [ 809.498642] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 809.505948] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 809.509067] SELinux: ebitmap start bit (4153151) is not a multiple of the map unit size (64) 04:52:13 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r11, r11) [ 809.532360] audit: type=1326 audit(1569214333.912:5143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21509 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 809.580119] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 809.587969] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' 04:52:14 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000485f3f000000000000000000"], 0x38) 04:52:14 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f00000000c0)) 04:52:14 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:14 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x200, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @empty}}], 0x1c) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) syz_open_pts(r3, 0x10100) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}], 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000180)={r5, 0xc5, "0a08aea3dea706138cc89d4b2b4a088015f0e1015035cfbb21b7461034e8ff9b6f13961408a9c76a20414f42185976602805fba7a940ee0b1879587eb93dac502d60d0f884524683391683a2222fc547ace6a626a853c54a3bec48adc3989a2ca07119f43d9ee20ecd39193268fb6dfce13aba1dcdf52e93f3d373b0f252ddb22f8f763409bc440aa39e0171d7abf0d68ea78d02827b6277c9d582a6f76cd7c2c937c5fe9a0cdc2306cfc9c86303888863ac9a90204836f70c608400306b4131f20ee4e7f8"}, &(0x7f0000000080)=0xcd) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000280)={r6, @in={{0x2, 0x4e23, @multicast1}}, 0x9, 0x3}, 0x90) r7 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r8 = dup2(r7, r7) ioctl$TIOCGSOFTCAR(r8, 0x5419, 0x0) [ 809.593783] SELinux: failed to load policy [ 809.640039] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 809.646647] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 809.667185] protocol 88fb is buggy, dev hsr_slave_0 [ 809.680804] kobject: 'loop2' (000000004011bb95): kobject_uevent_env 04:52:14 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) [ 809.681798] syz-executor.0 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0 [ 809.705499] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 809.709669] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 809.724743] CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 809.731626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.741502] Call Trace: [ 809.742182] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 809.744093] dump_stack+0x172/0x1f0 [ 809.744111] dump_header+0x15e/0xa55 [ 809.758388] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 809.761746] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 809.763604] ? ___ratelimit+0x60/0x595 [ 809.763624] ? do_raw_spin_unlock+0x57/0x270 [ 809.781116] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 809.781368] oom_kill_process.cold+0x10/0x6ef [ 809.789939] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 809.794169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.794186] ? task_will_free_mem+0x139/0x6e0 [ 809.804422] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 809.809255] out_of_memory+0x936/0x12d0 [ 809.809269] ? lock_downgrade+0x810/0x810 [ 809.809281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.809295] ? oom_killer_disable+0x280/0x280 [ 809.814095] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 809.820238] mem_cgroup_out_of_memory+0x1d2/0x240 [ 809.820252] ? memcg_event_wake+0x230/0x230 [ 809.820270] ? do_raw_spin_unlock+0x57/0x270 [ 809.825019] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 809.828498] ? _raw_spin_unlock+0x2d/0x50 [ 809.828513] try_charge+0xef7/0x1480 [ 809.828528] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 809.828543] ? __might_sleep+0x95/0x190 04:52:14 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) dup2(r0, r0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f00000000c0)) 04:52:14 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:14 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 809.834707] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 809.838563] ? __alloc_pages_nodemask+0x377/0x750 [ 809.838582] memcg_kmem_charge_memcg+0x7c/0x130 [ 809.838595] ? memcg_kmem_put_cache+0xb0/0xb0 [ 809.909129] ? trace_hardirqs_on+0x67/0x220 [ 809.913461] cache_grow_begin+0x3fa/0x8c0 [ 809.917777] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 809.923412] ? __cpuset_node_allowed+0x136/0x540 [ 809.928177] fallback_alloc+0x1fd/0x2d0 [ 809.931101] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env 04:52:14 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="729dd1e6e2f6395dd446bd48786d8068", 0x10) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 809.932257] ____cache_alloc_node+0x1be/0x1e0 [ 809.932271] kmem_cache_alloc+0x1f3/0x700 [ 809.932286] ? pmd_alloc+0x180/0x180 [ 809.941359] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 809.943389] vm_area_dup+0x21/0x170 [ 809.943400] copy_process.part.0+0x3407/0x7a30 [ 809.943423] ? __cleanup_sighand+0x70/0x70 [ 809.974010] ? __might_fault+0xfb/0x1e0 [ 809.977997] _do_fork+0x257/0xfd0 [ 809.981483] ? fork_idle+0x1d0/0x1d0 [ 809.985210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:52:14 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r10 = dup2(r9, r9) ioctl$TIOCGSOFTCAR(r10, 0x5419, 0x0) [ 809.990763] ? __x64_sys_clock_gettime+0x16d/0x240 [ 809.994771] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 809.995696] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 809.995715] __x64_sys_clone+0xbf/0x150 [ 810.006038] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 810.007479] do_syscall_64+0xfd/0x620 [ 810.007496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.007510] RIP: 0033:0x457fda [ 810.033088] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 810.034909] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 810.051988] RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 810.052002] RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda [ 810.052008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 810.052019] RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940 [ 810.088020] R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001 [ 810.095298] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70 [ 810.097368] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 810.111514] Task in /syz0 killed as a result of limit of /syz0 [ 810.134797] memory: usage 307200kB, limit 307200kB, failcnt 4696 [ 810.147356] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.158411] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.165381] Memory cgroup stats for /syz0: cache:0KB rss:225372KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:225432KB inactive_file:4KB active_file:0KB unevictable:0KB [ 810.170558] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 810.195412] Memory cgroup out of memory: Kill process 15884 (syz-executor.0) score 1113 or sacrifice child [ 810.205441] Killed process 15884 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 810.209813] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 810.235155] SELinux: ebitmap start bit (4153160) is not a multiple of the map unit size (64) [ 810.244744] SELinux: failed to load policy 04:52:14 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 04:52:14 executing program 4: capset(&(0x7f0000000040)={0x24020000000000}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:14 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r9 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r9, r9) 04:52:14 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:14 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855010000004c5f3f000000000000000000"], 0x38) [ 810.306105] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 810.339869] SELinux: ebitmap start bit (4153164) is not a multiple of the map unit size (64) [ 810.344695] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 810.371562] audit: type=1326 audit(1569214334.752:5144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21567 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 810.378839] SELinux: failed to load policy [ 810.404877] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 810.412564] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 810.430790] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 810.446283] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' 04:52:14 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) socket$kcm(0x29, 0x4, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:52:14 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) 04:52:14 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:14 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000605f3f000000000000000000"], 0x38) 04:52:14 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) [ 810.505755] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 810.512962] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:14 executing program 4: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 810.556592] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 810.558808] SELinux: ebitmap start bit (4153184) is not a multiple of the map unit size (64) [ 810.566881] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 810.596191] SELinux: failed to load policy 04:52:15 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000685f3f000000000000000000"], 0x38) [ 810.605814] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 810.621388] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 810.674724] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 810.695519] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 810.715684] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 810.726773] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 810.760842] SELinux: ebitmap start bit (4153192) is not a multiple of the map unit size (64) [ 810.772688] SELinux: failed to load policy [ 810.777376] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 810.783906] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 810.799595] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 810.806152] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' 04:52:15 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x4) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 04:52:15 executing program 3: capset(&(0x7f0000000100)={0x24020019980330}, &(0x7f0000000140)={0x4, 0x0, 0x0, 0xffffffffffffff2c}) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x6) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000000180)=""/153) accept$ax25(r1, &(0x7f0000000040)={{0x3, @default}, [@null, @netrom, @remote, @bcast, @null, @rose, @null, @bcast]}, &(0x7f00000000c0)=0x48) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$EVIOCGLED(r5, 0x80404519, &(0x7f0000000240)=""/147) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) 04:52:15 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r2}, 0x2c) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r4, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) r6 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r7 = dup2(r6, r6) ioctl$TIOCGSOFTCAR(r7, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r5, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r8}, 0xc) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) 04:52:15 executing program 4: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:15 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:15 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855010000006c5f3f000000000000000000"], 0x38) 04:52:15 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) r4 = fcntl$dupfd(r2, 0x0, r3) r5 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r6 = dup2(r5, r5) ioctl$TIOCGSOFTCAR(r6, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000014c0)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r4, 0x0, 0x1b10dbf9acb6ecea, &(0x7f0000001500)={@dev={0xac, 0x14, 0x14, 0x1e}, @multicast1, r7}, 0xc) [ 811.177458] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 811.183955] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 811.210847] SELinux: ebitmap start bit (4153196) is not a multiple of the map unit size (64) 04:52:15 executing program 4: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 811.234878] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 811.247007] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' 04:52:15 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x101000, 0x30) getsockopt$sock_int(r1, 0x1, 0x5, &(0x7f0000000040), &(0x7f0000000080)=0x4) r3 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TIOCGSOFTCAR(r4, 0x5419, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='mime_type^:vmnet0\',md5sum\x00', r2}, 0x10) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r4, 0x810c5701, &(0x7f0000000180)) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) [ 811.269287] audit: type=1326 audit(1569214335.652:5145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21612 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 [ 811.280417] SELinux: failed to load policy [ 811.322154] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env 04:52:15 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e9185501000000745f3f000000000000000000"], 0x38) [ 811.335388] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 811.352740] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 811.359990] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' 04:52:15 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:15 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) fcntl$dupfd(r2, 0x0, r3) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000014c0)={'vcan0\x00'}) [ 811.432400] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 811.458285] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 811.477362] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 811.484741] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 811.485554] SELinux: ebitmap start bit (4153204) is not a multiple of the map unit size (64) [ 811.495095] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 811.510167] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 811.521160] SELinux: failed to load policy [ 811.523669] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 811.534985] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 811.556461] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 811.567070] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' 04:52:16 executing program 1: vmsplice(0xffffffffffffffff, &(0x7f0000002700)=[{&(0x7f00000001c0)="1f", 0x1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r2, 0x5419, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 04:52:16 executing program 3: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x28043, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000080)={{0x0, 0x3, 0x1, 0x0, 0x5}, 0x8001, 0x7, 0x10000}) capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r3, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8820}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f8008000", @ANYRES16=r4, @ANYBLOB="200028bd7000fedbdf25100000002c00070008000100ad000000080002009e0700000c00040000000000000000000c000400010000000000000060000700080001007f0000000c00040005000000000000000c00030006000000000000000c000300feffffffffffffff0c00040004000000000000000c00030005000000000000000c00030003000000000000000c000400ff000000000000000c0002000800020022cf00001c000700080001000500000008000200290000000800010002000000300002000400040008000200090000000800010008000000040004000400040008000100050000000800020000fc1f00"], 0xf8}, 0x1, 0x0, 0x0, 0x821}, 0x20000000) r5 = dup2(r1, r1) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) 04:52:16 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0x0, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:16 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:16 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757816000000d96927940000fffffff800004000000000e91855010000007a5f3f000000000000000000"], 0x38) 04:52:16 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) fcntl$dupfd(r2, 0x0, r3) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$TIOCGSOFTCAR(r5, 0x5419, 0x0) [ 812.065283] kobject: 'loop1' (00000000bc527e09): kobject_uevent_env [ 812.080263] SELinux: ebitmap start bit (4153210) is not a multiple of the map unit size (64) [ 812.099158] kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' 04:52:16 executing program 3: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x3b, @local, 0x4e20, 0x0, 'none\x00', 0x2f, 0x4, 0x19}, 0x2c) r1 = dup2(r0, r0) r2 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r3 = dup2(r2, r2) syz_extract_tcp_res(&(0x7f00000000c0), 0x0, 0x101) ioctl$TIOCGSOFTCAR(r3, 0x5419, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, 0x0) syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x6, 0x0) [ 812.128507] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 812.144479] audit: type=1326 audit(1569214336.522:5146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21655 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 04:52:16 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) 04:52:16 executing program 5: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040)}, 0x20) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x403618, 0x0, 0x20820000, r1}, 0x2c) r2 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r2, 0x0) r3 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xc, 0x11, r3, 0x0) fcntl$dupfd(r2, 0x0, r3) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) dup2(r4, r4) [ 812.186442] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 812.208645] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 812.211586] SELinux: failed to load policy [ 812.226560] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 812.250051] CPU: 1 PID: 21645 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 812.257021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.266380] Call Trace: [ 812.268977] dump_stack+0x172/0x1f0 [ 812.272612] dump_header+0x15e/0xa55 [ 812.276331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 812.281448] ? ___ratelimit+0x60/0x595 [ 812.285350] ? do_raw_spin_unlock+0x57/0x270 [ 812.289728] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 812.289910] oom_kill_process.cold+0x10/0x6ef [ 812.300985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.306544] ? task_will_free_mem+0x139/0x6e0 [ 812.311085] out_of_memory+0x936/0x12d0 [ 812.315069] ? lock_downgrade+0x810/0x810 [ 812.315249] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 812.319221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.319235] ? oom_killer_disable+0x280/0x280 [ 812.319254] mem_cgroup_out_of_memory+0x1d2/0x240 [ 812.319265] ? memcg_event_wake+0x230/0x230 04:52:16 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = open(0x0, 0x0, 0x0) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)) timer_create(0x7, &(0x7f0000000340)={0x0, 0x22}, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r2, 0x6, 0x0, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) faccessat(0xffffffffffffffff, &(0x7f0000000600)='./bus\x00', 0x0, 0x400) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) rmdir(0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@fragment, 0x8) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) accept(r1, &(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0xfffffffffffffe63) pwrite64(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1801, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) clock_nanosleep(0x3, 0x0, &(0x7f0000000700)={0x77359400}, 0x0) ftruncate(r3, 0x7fff) sendfile(r2, r3, 0x0, 0x8040fffffffd) 04:52:16 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 812.319281] ? do_raw_spin_unlock+0x57/0x270 [ 812.334032] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 812.334885] ? _raw_spin_unlock+0x2d/0x50 [ 812.334901] try_charge+0xef7/0x1480 [ 812.339731] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 812.344582] ? mark_held_locks+0x100/0x100 [ 812.344601] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 812.352627] kobject: 'loop2' (000000004011bb95): kobject_uevent_env [ 812.353311] ? get_mctgt_type+0x8f0/0x8f0 04:52:16 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0)) [ 812.359814] kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 812.363862] ? percpu_ref_tryget_live+0x111/0x290 [ 812.363878] memcg_kmem_charge_memcg+0x7c/0x130 [ 812.415524] ? memcg_kmem_put_cache+0xb0/0xb0 [ 812.420185] ? get_mem_cgroup_from_mm+0x156/0x320 [ 812.425034] memcg_kmem_charge+0x136/0x370 [ 812.429333] __alloc_pages_nodemask+0x3c3/0x750 [ 812.434014] ? kasan_unpoison_shadow+0x35/0x50 [ 812.438609] ? __alloc_pages_slowpath+0x2870/0x2870 [ 812.443639] ? trace_hardirqs_on+0x67/0x220 [ 812.447971] copy_process.part.0+0x3e0/0x7a30 [ 812.452478] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 812.457857] ? delayacct_end+0x5c/0x100 [ 812.461840] ? __delayacct_freepages_end+0xe0/0x140 [ 812.466866] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 812.472406] ? do_try_to_free_pages+0xe04/0x11c0 [ 812.477173] ? __cleanup_sighand+0x70/0x70 [ 812.481410] ? mark_held_locks+0x100/0x100 [ 812.485651] ? mem_cgroup_select_victim_node+0x99/0x310 [ 812.491027] _do_fork+0x257/0xfd0 [ 812.493988] kobject: 'loop4' (000000001bb786cd): kobject_uevent_env [ 812.494482] ? fork_idle+0x1d0/0x1d0 [ 812.494500] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 812.506582] kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 812.510465] ? prepare_exit_to_usermode+0x293/0x2f0 [ 812.510481] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 812.510494] __x64_sys_clone+0xbf/0x150 [ 812.510507] do_syscall_64+0xfd/0x620 [ 812.510522] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.543222] RIP: 0033:0x45c3d9 [ 812.546416] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 812.565322] RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 812.573033] RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 [ 812.580466] RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 [ 812.587846] RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 [ 812.595105] R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 812.602363] R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 [ 812.611623] kobject: 'loop3' (000000009d36cf60): kobject_uevent_env [ 812.616697] Task in /syz0 killed as a result of limit of /syz0 [ 812.624369] memory: usage 307192kB, limit 307200kB, failcnt 4736 [ 812.630750] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.631897] kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 812.637719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.653364] kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env [ 812.653621] Memory cgroup stats for /syz0: cache:0KB rss:223804KB rss_huge:184320KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:223940KB inactive_file:0KB active_file:0KB unevictable:0KB [ 812.669507] kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 812.682056] Memory cgroup out of memory: Kill process 15943 (syz-executor.0) score 1113 or sacrifice child [ 812.701360] Killed process 15943 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 812.714414] oom_reaper: reaped process 15943 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 812.725937] SELinux: ebitmap start bit (4153210) is not a multiple of the map unit size (64) [ 812.730819] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 812.735746] SELinux: failed to load policy [ 812.752543] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 812.758184] CPU: 1 PID: 21647 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 812.765115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.774573] Call Trace: [ 812.777182] dump_stack+0x172/0x1f0 [ 812.780805] dump_header+0x15e/0xa55 [ 812.784502] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 812.789603] ? ___ratelimit+0x60/0x595 [ 812.793487] ? do_raw_spin_unlock+0x57/0x270 [ 812.798016] oom_kill_process.cold+0x10/0x6ef [ 812.802547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.808089] ? task_will_free_mem+0x139/0x6e0 [ 812.812684] out_of_memory+0x936/0x12d0 [ 812.816772] ? oom_killer_disable+0x280/0x280 [ 812.821258] mem_cgroup_out_of_memory+0x1d2/0x240 [ 812.826095] ? memcg_event_wake+0x230/0x230 [ 812.830451] ? do_raw_spin_unlock+0x57/0x270 [ 812.834855] ? _raw_spin_unlock+0x2d/0x50 [ 812.838983] try_charge+0xc4e/0x1480 [ 812.842678] ? mark_held_locks+0x100/0x100 [ 812.846901] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 812.851733] ? get_mctgt_type+0x8f0/0x8f0 [ 812.855870] ? percpu_ref_tryget_live+0x111/0x290 [ 812.860730] memcg_kmem_charge_memcg+0x7c/0x130 [ 812.865391] ? memcg_kmem_put_cache+0xb0/0xb0 [ 812