[?25l[?1c7[ ok 8[?25h[?0c. [ 11.264875] random: crng init done [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts. 2019/02/02 20:26:08 fuzzer started 2019/02/02 20:26:12 dialing manager at 10.128.0.26:46251 2019/02/02 20:26:12 syscalls: 1 2019/02/02 20:26:12 code coverage: enabled 2019/02/02 20:26:12 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/02/02 20:26:12 extra coverage: extra coverage is not supported by the kernel 2019/02/02 20:26:12 setuid sandbox: enabled 2019/02/02 20:26:12 namespace sandbox: enabled 2019/02/02 20:26:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/02 20:26:12 fault injection: kernel does not have systematic fault injection support 2019/02/02 20:26:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/02 20:26:12 net packet injection: enabled 2019/02/02 20:26:12 net device setup: enabled 20:27:18 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@getsadinfo={0x14, 0x23, 0xa0d}, 0x14}}, 0x0) 20:27:18 executing program 5: clone(0x0, &(0x7f0000659ffe), 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, &(0x7f0000a94f70)) 20:27:18 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000040)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x101, 0x0, 0x0, 0x6e}) clone(0x800000001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setpriority(0x2, 0x0, 0x1) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) 20:27:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 20:27:18 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) read(r0, &(0x7f00000000c0)=""/188, 0xbc) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0xd400}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x0) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 20:27:18 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) lgetxattr(0x0, 0x0, 0x0, 0x0) syzkaller login: [ 99.455574] audit: type=1400 audit(1549139240.329:5): avc: denied { associate } for pid=2120 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 20:27:20 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) rmdir(&(0x7f0000000080)='./file0\x00') 20:27:20 executing program 3: syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e3440fe7b900080000c4acc201c29271cc5d429271cc") r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40002, 0x0) write$cgroup_type(r0, 0x0, 0x0) [ 99.563795] capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use) 20:27:20 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) futex(&(0x7f0000000700)=0x1, 0x8b, 0x1, &(0x7f00000005c0), 0x0, 0x0) 20:27:20 executing program 3: r0 = open(&(0x7f0000000580)='./bus\x00', 0x141042, 0x0) close(r0) r1 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0xc002) r2 = memfd_create(&(0x7f00000002c0)='/Xr\xd8\xdd', 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) getpeername(r0, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000140)=0x80) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r2, 0x0, 0x80003) 20:27:20 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) 20:27:20 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, 0x0, 0x0) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_group_source_req(r2, 0x0, 0x2b, &(0x7f00000000c0)={0x101, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000000)=0x40004001, 0x4) 20:27:20 executing program 3: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f000000bd00)=[{{0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000002480)=""/74, 0x4a}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/fib_trie\x00') preadv(r0, &(0x7f00000017c0), 0x1c2, 0x0) 20:27:20 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) preadv(0xffffffffffffffff, 0x0, 0xc718e6e4ec8ec3f5, 0x0) r1 = epoll_create1(0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0) getresgid(0x0, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) write$P9_RSTAT(r2, 0x0, 0x0) 20:27:20 executing program 0: rt_sigqueueinfo(0x0, 0x0, 0xffffffffffffffff) 20:27:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000100)="d40ed457f07b49617a04b4af261dbeb769513bf5cc974b7ee8460a311405b531c8675920fed10ee4a0865a662cc7e91c143fe2ebb402cb963ff302a0f038853ace8fed9f5e0b9d748c01a2ca0be7bf7b6c6e0b5ca37f872c53593785c032985eab66166fd6eccdd3a3c0307619f93c69e4173716c7862fba34b65c38ac07ae5f71c44f06bb47e42ab3a16331ad330ad43db3240a1c283d123109768d878b65123fc205596f13b05177921e294281015657c7b7aa74c4b2762652bde12be3d793") connect$inet6(0xffffffffffffffff, 0x0, 0x0) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = socket(0x40000000015, 0x40000000000005, 0x0) getsockopt$sock_int(r1, 0x1, 0x1, &(0x7f00003e9ffc), &(0x7f0000000180)=0x4) 20:27:21 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)={0xa, 0x2, 0x914, 0x4000000005, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f0000000000), 0x0}, 0x18) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000)='@', 0x0}, 0x20) 20:27:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@release={0x40046306, 0x1}], 0x0, 0x0, 0x0}) 20:27:21 executing program 0: rt_sigqueueinfo(0x0, 0x0, 0xffffffffffffffff) 20:27:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070") socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 20:27:21 executing program 0: rt_sigqueueinfo(0x0, 0x0, 0xffffffffffffffff) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) [ 100.499266] audit: type=1400 audit(1549139241.369:6): avc: denied { map_create } for pid=3090 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 20:27:21 executing program 0: rt_sigqueueinfo(0x0, 0x0, 0xffffffffffffffff) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:21 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x69, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffe81, 0x200408d4, &(0x7f0000000240)={0xa, 0x0, 0xfffffffffffffffe, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 100.505034] audit: type=1400 audit(1549139241.379:7): avc: denied { set_context_mgr } for pid=3091 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 100.506033] audit: type=1400 audit(1549139241.379:8): avc: denied { call } for pid=3091 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 100.506625] audit: type=1400 audit(1549139241.379:9): avc: denied { transfer } for pid=3091 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 100.518892] binder: send failed reply for transaction 2 to 3091:3096 [ 100.522054] binder: undelivered TRANSACTION_COMPLETE [ 100.522061] binder: undelivered TRANSACTION_ERROR: 29189 [ 100.535456] hrtimer: interrupt took 35450 ns 20:27:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000100)="d40ed457f07b49617a04b4af261dbeb769513bf5cc974b7ee8460a311405b531c8675920fed10ee4a0865a662cc7e91c143fe2ebb402cb963ff302a0f038853ace8fed9f5e0b9d748c01a2ca0be7bf7b6c6e0b5ca37f872c53593785c032985eab66166fd6eccdd3a3c0307619f93c69e4173716c7862fba34b65c38ac07ae5f71c44f06bb47e42ab3a16331ad330ad43db3240a1c283d123109768d878b65123fc205596f13b05177921e294281015657c7b7aa74c4b2762652bde12be3d793") connect$inet6(0xffffffffffffffff, 0x0, 0x0) 20:27:21 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='cmdline\x00') getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, 0x0) close(r0) socket$unix(0x1, 0x5, 0x0) close(0xffffffffffffffff) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000000)=""/113, &(0x7f0000000080)=0xffffffffffffffe0) write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000001c0)="c77130a19deaa4f9fbd7367accd4ca6fe123185e5118738c7bd879a1cdb4326a40b89964e59db18d35c32ae1075bb525a447f377", 0x34) 20:27:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, 0x0) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) lgetxattr(0x0, 0x0, 0x0, 0x0) 20:27:21 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:21 executing program 5: 20:27:21 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) personality(0x200000) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/protocols\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x10400003) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:21 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, &(0x7f0000bc2000)="8190e2b180b2e9160f8fab58f37d7fc95953350553f5f86d2144d9b788cde28bbfe41fd7cfeb66d2a836003077f7d08144db1d41fa7f1255dff1fe48d081fadc68a93a7adde602d9d01034199ebd5e4b0ed5358a454cc0916d6c0d3f00a7064305ccd46be9553b978243ab9b8e6108f50d9ce98a064592b4a1e4c65d178ed27971639ee2611147ce5f1a3f1ddf213fe4dbb0e1a9e4f307b80ce853ead942049f8c56dc2b880eb0e9e66c679e2b5c2299bd20b39433033ae7119fc61baaab9e67a2d1b24c8f416f2da9a7324e456a1230efeade28f89d03cdee5d867d155e232bb8447512e4a9baee76fd436acd568f285e08fede7e556b7e6f674c34bbc115ec3d94d3928a47ef03ac3e29a0bdb3d5d9eba7bba7d9fd25e76daee480f39831fabbeddd3cd2291d11ba8a2fdafd0387919e2930ba5e91552811b3b90252420a6608fbe93ead3ee66a9283ffb109b32059a9e2fce77fffefdfb7d99b6a61887e320bc019d2463c1a665088be9ca6b9f8c2fe56e5b861cd6f4897a1386d294c73e1c5350ca74b43280f898a30cac1ec91ead092123de6f2b6e9165da84ec60f1c682d7288a75819779f6b071dbf080beee6408268e876adf49fa41231bfb907755e1f2a9ea159b1c09032e797046139547c0fb88167a7780d689106e0303a2c1c9f057776b4f7bd62064f72ae1a080e39e5a1d467f774298f755f64c451f9e01aed896ed84ab1ac72b1448bef1495774573f30131f3b02a35f74222430251b5b1246cdef5b7535f3d32d5ae315d2a0a8f3485d07c257d3f3da00ef2a276db61537e8e0b520a1b1c069d13682a73767ead8a83904873eff3b427f7c2fe6e59196aa2e98b947c996816fe6f62328fe8e052d88641c56dc83eaa3bab293f46698845b7a71e2db4a4c89f187e97d2af64f9ceb8bce27707275d98070187d3004bbcc8f9940b0cef24e9cb87fa4a77470b245a2a3d", 0x2b1, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000e8e000)=[{{&(0x7f00008b6000)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}, 0x1}, 0x80, &(0x7f0000231ff0)=[{&(0x7f0000f89000)='t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f00006a7ffc), 0x4) listen(r0, 0x2) r1 = accept4(r0, 0x0, &(0x7f0000622ffc)=0x1c6, 0x0) write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYPTR64], 0x8) ppoll(&(0x7f0000000080)=[{r1}], 0x1, &(0x7f00000000c0)={0x0, 0x1c9c380}, &(0x7f0000000100), 0x8) 20:27:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0af51f023c123f3188a070") bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x10}, 0x2c) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:21 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000100)="d40ed457f07b49617a04b4af261dbeb769513bf5cc974b7ee8460a311405b531c8675920fed10ee4a0865a662cc7e91c143fe2ebb402cb963ff302a0f038853ace8fed9f5e0b9d748c01a2ca0be7bf7b6c6e0b5ca37f872c53593785c032985eab66166fd6eccdd3a3c0307619f93c69e4173716c7862fba34b65c38ac07ae5f71c44f06bb47e42ab3a16331ad330ad43db3240a1c283d123109768d878b65123fc205596f13b05177921e294281015657c7b7aa74c4b2762652bde12be3d793") connect$inet6(0xffffffffffffffff, 0x0, 0x0) 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000001900010200000000000000001d0100002c000300217b266c6f385d6c6f2e2c47504c276370757365746e6f64657621285d76626f786e65743123bf5e"], 0x1}}, 0x0) 20:27:22 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) personality(0x200000) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/protocols\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x10400003) 20:27:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000200)={{0x2, 0x0, @empty}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @dev}, 'ip6_vti0\x00'}) 20:27:22 executing program 0: 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 1: 20:27:22 executing program 2: 20:27:22 executing program 1: 20:27:22 executing program 0: 20:27:22 executing program 2: 20:27:22 executing program 4: 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 0: 20:27:22 executing program 1: 20:27:22 executing program 2: 20:27:22 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) personality(0x200000) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/protocols\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x10400003) 20:27:22 executing program 0: 20:27:22 executing program 1: 20:27:22 executing program 2: 20:27:22 executing program 0: 20:27:22 executing program 4: 20:27:22 executing program 1: 20:27:22 executing program 2: 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 4: 20:27:22 executing program 1: 20:27:22 executing program 0: 20:27:22 executing program 5: 20:27:22 executing program 2: 20:27:22 executing program 4: 20:27:22 executing program 1: 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@mcast2}, 0x64) ptrace$setopts(0x4206, r2, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42803) 20:27:22 executing program 5: clone(0x3182001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$EXT4_IOC_RESIZE_FS(r1, 0x40086610, &(0x7f0000000100)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x24) wait4(0x0, 0x0, 0x0, 0x0) 20:27:22 executing program 2: 20:27:22 executing program 4: 20:27:22 executing program 1: 20:27:22 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:27:22 executing program 1: 20:27:22 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xb, 0x17, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000022000000170000000000000095000000000000008b51a8f00852319a9b0df86c9888f733d389414d064979dc81009222d3d990a26776f022dd9692486559df62945f154ab65bc0c60ba2ea07c680cd6d6159a94c5a32a3a1fd4b8a76e08beb7c8d1eee37a2c3710757e08961ebb01df33272db2d0a3bc28ab291839e9695d8441e052a3e5adba7222fc4212e1ee3b3006d5af489cf1c7cea2810e96d28683bafd1cd2a78eeebe7ecaa7e258bb937b73b645802c59f750b7bdc"], 0x0, 0x7fff, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0x16, 0x0, &(0x7f0000000400)="e460cdfba82170742307070088644e76aed9b428bb07", 0x0, 0x4000000000040004}, 0x28) 20:27:22 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond_slave_0\x00'}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="00000000ffffffff00000000040001001f00646521ef915c37a26c0000000400190ab8cd7047762f7f51680755d2fdfc19ba1f0000"], 0x1}}, 0x0) 20:27:22 executing program 3: r0 = epoll_create1(0x0) close(r0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) [ 101.744522] EXT4-fs warning (device sda1): ext4_resize_fs:1885: can't read last block, resize aborted 20:27:22 executing program 1: r0 = socket(0x10, 0x20000000000003, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003080)={0x14, 0x1a, 0x201}, 0x14}}, 0x0) 20:27:22 executing program 3: r0 = epoll_create1(0x0) close(r0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) [ 101.803135] audit: type=1400 audit(1549139242.669:10): avc: denied { prog_load } for pid=3261 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 101.827978] EXT4-fs warning (device sda1): ext4_resize_fs:1885: can't read last block, resize aborted 20:27:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) 20:27:25 executing program 5: r0 = perf_event_open(&(0x7f0000000740)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x8, &(0x7f0000000100)=0x0) io_submit(r1, 0x2000019c, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 20:27:25 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) socketpair(0x5, 0x0, 0x8, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000004c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000600)={0x1, 0x0, {0x2, 0xc, 0x4, 0x14, 0x0, 0xffffffffffff9a2f, 0x3, 0x91, 0xffffffffffffffff}}) pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0xfffffef3) read(r3, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x11) lstat(&(0x7f0000000440)='./file0\x00', 0x0) lstat(&(0x7f0000000400)='./bus\x00', &(0x7f0000000bc0)) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r6 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast1, @broadcast}, &(0x7f0000000300)=0xc) recvfrom$packet(r3, &(0x7f0000000140)=""/167, 0xa7, 0x0, 0x0, 0x0) sendmmsg(r5, &(0x7f00000092c0), 0x1c5, 0x40000) getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000380)={@remote, @dev}, &(0x7f00000003c0)=0xc) setsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, 0x0) io_cancel(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f0000000180)="d9f86abdd33cdf4d2fb8ef68481b20e5", 0x10, 0xcda, 0x0, 0x2}, 0x0) r7 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f00000001c0)=0xfffffffffffffffe) write$cgroup_type(r7, &(0x7f0000000340)='threaded\x00', 0xffffffc5) getsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000040)={@loopback}, &(0x7f0000000080)=0x14) write$binfmt_aout(r7, &(0x7f0000000740)=ANY=[@ANYBLOB="0f0108830c0200004b020000080000003b00000085c4ffff0000000000000000e76b6750f8680a74d71e792715455c69ec8e112bdb2a8334bd39976e9ed2a322319fe7f500d99a2d522cb2e2c6bd826045d2d54d821d442200925039d1456c0b74e93b3c6a8dc4371b47e3bc7fa70265c2bbe4e83d007b82ae65ebce6c3c30047731732b342724ac4c23fa867bab3254d803f11caaf23a66ca9f534d691e5c45687ca06b71037bd407480d0f7cc20d119044f161ba0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbff0000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e549da8191910eaa523596d17ecb6962ae5f716235ee29f2fbe86826797cf96ab130774a2ef060d6a3d48faef5e553645ebbd6afaff7c531e27fafdda3b3824abb5057682a53ab9c3a2df9da64dccd044fa62801b38bd9142fc9e624b27b1bd918c660f3b8659e43b75d9a951675880c5b9a415e5b25674d91ec8c83d54f36f666bcbe0cbb59710a48d908b18384989f6387b753ac480a265747c00274ed092f33af903f23f9a3ff2b716e170c6cc60d01de76b288fc7e099bd90727fcb521e0c7eef3f323302a0b08c9fd4e1a7aece5b0b523d1354889c87f9f4618bf54e67452ff851315febf9551e490fefa27c666902d7d5952d5ff28e8a9139a1a342fc777ce813b99105025cacd6c409afac306fb60976c778ded601f99b20a58968fa1548d6acb6cc40ffd0a230228c0a79fbb9a6dfa4dc277e63548c2299299000000ade3192518113354ae83"], 0x3f7) ioctl$EXT4_IOC_MIGRATE(r8, 0x6609) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r6, 0x660c) 20:27:25 executing program 3: r0 = epoll_create1(0x0) close(r0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) 20:27:25 executing program 1: openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) 20:27:25 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xb, 0x17, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000022000000170000000000000095000000000000008b51a8f00852319a9b0df86c9888f733d389414d064979dc81009222d3d990a26776f022dd9692486559df62945f154ab65bc0c60ba2ea07c680cd6d6159a94c5a32a3a1fd4b8a76e08beb7c8d1eee37a2c3710757e08961ebb01df33272db2d0a3bc28ab291839e9695d8441e052a3e5adba7222fc4212e1ee3b3006d5af489cf1c7cea2810e96d28683bafd1cd2a78eeebe7ecaa7e258bb937b73b645802c59f750b7bdc"], 0x0, 0x7fff, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0x16, 0x0, &(0x7f0000000400)="e460cdfba82170742307070088644e76aed9b428bb07", 0x0, 0x4000000000040004}, 0x28) 20:27:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x20, r1, 0xfffff7ffffffffff, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x20}}, 0x0) 20:27:25 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000d7a3e1dd48000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="410b8a8046c3a988fbc5f08e8eb0", 0x0, 0xffffffff00000f20}, 0x28) 20:27:25 executing program 3: r0 = epoll_create1(0x0) close(0xffffffffffffffff) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) [ 104.739344] audit: type=1400 audit(1549139245.609:11): avc: denied { create } for pid=3303 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:27:25 executing program 2: r0 = socket(0x10, 0x20000000000003, 0x0) recvmmsg(r0, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/179, 0xb3}], 0x1, &(0x7f0000000280)=""/208, 0xd0}}, {{&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000002600)=[{&(0x7f0000000380)}, {&(0x7f00000003c0)=""/184, 0xb8}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/137, 0x89}, {&(0x7f0000001540)=""/185, 0xb9}, {&(0x7f0000001600)=""/4096, 0x1000}], 0x6}}, {{&(0x7f0000002680)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000002900)=[{&(0x7f0000002700)=""/28, 0x1c}, {&(0x7f0000002740)=""/204, 0xcc}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f0000002840)=""/56, 0x38}, {&(0x7f00000040c0)=""/4096, 0x1000}, {&(0x7f0000002880)=""/22, 0x16}, {&(0x7f00000028c0)=""/28, 0x1c}, {&(0x7f00000050c0)=""/4096, 0x981}], 0x8, &(0x7f0000002980)=""/19, 0x13}}], 0x3, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003080)={0x14, 0x1a, 0x201}, 0x14}}, 0x0) 20:27:25 executing program 3: r0 = epoll_create1(0x0) close(0xffffffffffffffff) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) [ 104.785457] audit: type=1400 audit(1549139245.659:12): avc: denied { write } for pid=3303 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:27:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) setxattr$security_evm(0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, &(0x7f0000000100)) 20:27:25 executing program 0: [ 104.807277] audit: type=1400 audit(1549139245.669:13): avc: denied { read } for pid=3303 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:27:26 executing program 4: INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes 20:28:25 executing program 2: 20:28:25 executing program 3: r0 = epoll_create1(0x0) close(0xffffffffffffffff) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) [ 166.826007] loop1: p1 p2 p3 p4 < > 20:28:27 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc), 0x800000000006, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x100000f, 0x31, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 20:28:27 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) unlink(0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300030c0000000000002000000000020009004000f40a000000000000000003000600000000000200ee00e0000054d81458186fe8b90002000100000000000000020200044a7b030005000000000002000000e0003f010000000000fca0d9"], 0x60}}, 0x0) exit(0x612d) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000001c0)={0x0, 0x9, 0xfffffffffffffff8, 0x763, 0x7fffffff}, 0x14) 20:28:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 20:28:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0af51f023c123f3188a070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1\x00', 0xb) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x6, 0x7f}, 0x14) setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000013, &(0x7f0000000140), 0x27b) setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) close(r1) 20:28:28 executing program 2: r0 = socket$inet6(0x18, 0x2, 0x0) r1 = dup2(r0, r0) sendmsg$unix(r1, &(0x7f0000001700)={&(0x7f0000000140)=ANY=[@ANYBLOB="fb182c2f66696c650000000000008001991200"], 0x1, 0x0}, 0x0) 20:28:28 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000080000000000000000000000000000000000000000000000000000000000000003030000000000f60bf5492a6caee64fce208d9300000000f7de142d23280000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000c8161f73ba45b6386145de7e3ca4f7b64c1485143c89cba9cff7145da8561fb2153e9e067161cfdab4bcceff18a4b1deda553016fc37554b1a2d3fa227f5b49a2875af43b34bcb8d5ac3d33d494ae6582ef4c3c3f69ec6a2d30711621d017edcda556bd4cfd0cdc47b9548951e3f8fbf9df60d42e8353561d2a5acc93d7158e386587dfcd743331cb10b209912a0dc8680676fd64a67135b8f8a8a923479ee7d583148c0e79843ba150f5217949730a65c54c793f44a7441b575956ccfb3f9146b257ad8ccfe8d6178abdcb674dd1586bbf573ea771b55ca0e10aa4455d7e1ebe95da699ffc061515a688126813d809ca67f1b6a23f4a25d3c97fa72fca826d5d608a6dc04c7a8dc2a5b28ba9f29ca10d1464a8f884168f1460d745c3385d571d97d94b041b2d60a610516ada6506a00000000"], 0x1}}, 0x0) 20:28:28 executing program 2: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, 0x0) gettid() syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r1, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc", 0x101) sendfile(r1, r2, 0x0, 0x10000) 20:28:28 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:28 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:28 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(0xffffffffffffffff) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) [ 167.849247] FAT-fs (loop2): codepage cp437 not found 20:28:28 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:28 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) sysinfo(&(0x7f00000007c0)=""/154) ioctl$BLKPG(r0, 0x1269, &(0x7f00000006c0)={0x1, 0x0, 0x0, &(0x7f0000000800)}) [ 167.883165] FAT-fs (loop2): codepage cp437 not found 20:28:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x400000036, &(0x7f0000000140)=@fragment, 0x8) setsockopt$inet6_opts(r1, 0x29, 0x3b, 0x0, 0x0) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0xfffffe5e) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) getgid() listen(0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) epoll_create(0x0) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$reject(0x13, 0x0, 0x0, 0x0, 0x0) sendto$unix(r0, &(0x7f0000000180)="98", 0x1, 0x0, 0x0, 0x0) 20:28:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x40, 0x803, 0x2}, 0x23) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000040), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001280)={r1, &(0x7f0000000040)='\x00', 0x0, 0x2}, 0x20) 20:28:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0x10000000000000e0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x800000010000000d) dup3(r1, r0, 0x0) write(r0, &(0x7f0000c34fff), 0xffffff0b) prctl$PR_MCE_KILL_GET(0x22) 20:28:44 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000040)={0x24020019980330}, &(0x7f0000000140)={0x0, 0x101, 0x0, 0x0, 0x6e}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in=@initdev}, 0x0, @in6=@empty}}, 0x0) clone(0x800000001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setpriority(0x2, 0x0, 0x1) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x103) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) [ 183.452844] binder: 4295:4310 unknown command 536871360 [ 183.458511] binder: 4295:4310 ioctl c0306201 20000040 returned -22 [ 183.471024] binder: 4295:4317 unknown command 536871360 [ 183.471393] binder: BINDER_SET_CONTEXT_MGR already set [ 183.471398] binder: 4295:4310 ioctl 40046207 0 returned -16 [ 183.489564] binder: 4295:4317 ioctl c0306201 20000040 returned -22 20:28:44 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, 0xfffffffffffffffd) 20:28:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000900)={@in6={{0xa, 0x4e23, 0x1, @loopback}}, 0x0, 0x9, 0x0, "5a8996e54cf9023a2c92b8251c5e9a6999071221724ab15fe5dc5104d272f7ce0d13044c17cea9006f8763feda9a9ecf294fe505ebf5415eb200"}, 0xd8) r1 = dup(r0) io_setup(0x20, &(0x7f0000000300)) io_setup(0x7, &(0x7f00000004c0)) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f00000000c0)={0x8000, 0xff, 0x0, 0xeefa}, 0x10) open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) 20:28:44 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) futex(&(0x7f0000000700)=0x1, 0x8b, 0x1, &(0x7f00000005c0), 0x0, 0x0) 20:28:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400100401000200027000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000340)=""/4096, 0xae0) 20:28:44 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) futex(&(0x7f0000000700)=0x1, 0x8b, 0x1, &(0x7f00000005c0), 0x0, 0x1) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, 0x0) fstat(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, 0x0) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0x10000000000000e0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x800000010000000d) dup3(r1, r0, 0x0) write(r0, &(0x7f0000c34fff), 0xffffff0b) prctl$PR_MCE_KILL_GET(0x22) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0x10000000000000e0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x800000010000000d) dup3(r1, r0, 0x0) write(r0, &(0x7f0000c34fff), 0xffffff0b) prctl$PR_MCE_KILL_GET(0x22) [ 183.595680] FAT-fs (loop2): codepage cp437 not found 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) [ 183.649616] FAT-fs (loop2): codepage cp437 not found 20:28:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400100401000200027000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) getdents(r0, &(0x7f0000000340)=""/4096, 0xae0) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:44 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x0, 0x0, 0xff, 0x3}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x0, 0x0, 0x1, 0x3}, 0x20) 20:28:44 executing program 0: io_setup(0x7, &(0x7f0000000140)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000d83f60)=[{}, {}], 0x0) io_destroy(r0) 20:28:44 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000180)='\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) 20:28:44 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) [ 183.739249] FAT-fs (loop5): codepage cp437 not found [ 183.795647] FAT-fs (loop5): codepage cp437 not found 20:28:45 executing program 1: 20:28:45 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)={0xa, 0x2, 0x914, 0x4000000005, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f0000000000), 0x0}, 0x18) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000)='@', 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r0, &(0x7f0000000440), 0x0}, 0x20) rt_sigprocmask(0x1, &(0x7f0000000340)={0x7}, &(0x7f0000000380), 0x8) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000040), 0x0}, 0x20) 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:45 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)) unshare(0x0) r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) 20:28:45 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) r2 = fcntl$getown(r0, 0x9) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xf4, 0x4}, {0x7ff, 0x100, 0x3de, 0x8}, 0x97, 0x0, 0x0, 0x1, 0x2}, {{@in6=@local, 0x4d5, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3501, 0x0, 0x3, 0x3, 0x12fe, 0x0, 0x36f}}, 0xe8) ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev={0xfe, 0x80, [], 0x1b}, @loopback}) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x16b}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) io_setup(0x20, &(0x7f0000000180)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast2, @multicast1}, 0xc) memfd_create(&(0x7f0000000000)='.(selfwlan1em1GPL\x00', 0x5) prlimit64(r2, 0x0, 0x0, 0x0) 20:28:45 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) 20:28:45 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0xfffffe5e) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) epoll_create(0x0) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$reject(0x13, 0x0, 0x0, 0x0, 0x0) sendto$unix(r0, &(0x7f0000000180), 0x0, 0x90, 0x0, 0x0) 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 20:28:45 executing program 5: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000001180)='threaded\x00', 0xfc9a) fallocate(r0, 0x0, 0x0, 0x10001) fallocate(r1, 0x3, 0x5e00, 0x9) fallocate(r0, 0x11, 0x0, 0x10000) 20:28:45 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_emit_ethernet(0x4e, &(0x7f00000003c0)={@link_local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "c4592a", 0x18, 0x2f, 0x0, @empty, @dev, {[@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66}], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "cd01eb", 0x800, "b9fe07"}}}}}}}, 0x0) 20:28:45 executing program 1: socketpair$unix(0x1, 0x200000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x2000000005452, &(0x7f00000000c0)=0x3f) creat(&(0x7f0000000140)='./file0\x00', 0x0) recvfrom$unix(r3, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setown(r2, 0x8, r1) fcntl$setsig(r2, 0xa, 0x12) clone(0x3102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) nanosleep(&(0x7f0000000000)={0x77359400}, 0x0) dup2(r2, r3) tkill(r1, 0x16) 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) 20:28:45 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x0, 0x0, 0xff, 0x3}, 0x20) 20:28:45 executing program 5: 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)) 20:28:45 executing program 2: 20:28:45 executing program 5: 20:28:45 executing program 0: 20:28:45 executing program 4: 20:28:45 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) 20:28:45 executing program 0: 20:28:46 executing program 1: 20:28:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, 0xfffffffffffffffd) sysinfo(0x0) 20:28:46 executing program 5: 20:28:46 executing program 2: 20:28:46 executing program 0: 20:28:46 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) 20:28:46 executing program 2: 20:28:46 executing program 5: 20:28:46 executing program 1: 20:28:46 executing program 2: 20:28:46 executing program 1: 20:28:46 executing program 0: 20:28:46 executing program 5: 20:28:46 executing program 2: 20:28:46 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, 0xffffffffffffffff, &(0x7f0000000040)) 20:28:46 executing program 5: 20:28:46 executing program 4: 20:28:46 executing program 1: 20:28:46 executing program 0: 20:28:46 executing program 2: 20:28:46 executing program 1: 20:28:46 executing program 5: 20:28:46 executing program 0: 20:28:46 executing program 4: 20:28:46 executing program 1: 20:28:46 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, 0x0) 20:28:46 executing program 0: 20:28:46 executing program 4: 20:28:46 executing program 1: 20:28:46 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, 0x0) 20:28:46 executing program 5: 20:28:46 executing program 2: 20:28:46 executing program 4: 20:28:46 executing program 2: 20:28:46 executing program 4: 20:28:46 executing program 1: 20:28:46 executing program 5: 20:28:46 executing program 0: 20:28:46 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, 0x0) 20:28:46 executing program 1: 20:28:46 executing program 4: 20:28:46 executing program 5: 20:28:46 executing program 1: 20:28:46 executing program 2: 20:28:46 executing program 0: 20:28:46 executing program 4: 20:28:46 executing program 4: 20:28:46 executing program 3: 20:28:46 executing program 1: clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) r2 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, @in6=@mcast1, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xf4, 0x4}, {0x7ff, 0x100, 0x3de, 0x8}, 0x97, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in6=@local, 0x4d5, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3501, 0x0, 0x3, 0x3, 0x12fe, 0x0, 0x36f}}, 0xe8) ioctl$sock_inet6_SIOCADDRT(r2, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev={0xfe, 0x80, [], 0x1b}, @loopback}) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x16b}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) io_setup(0x20, &(0x7f0000000180)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) memfd_create(&(0x7f0000000000)='.(selfwlan1em1GPL\x00', 0x0) prlimit64(r1, 0x0, 0x0, 0x0) 20:28:46 executing program 5: r0 = timerfd_create(0x0, 0x0) readv(r0, 0x0, 0x0) clock_gettime(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) munlock(&(0x7f00004f1000/0x3000)=nil, 0x3000) 20:28:46 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000200)={0xfffffffffffffffd, 0x2}) 20:28:46 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f00000002c0)=""/4096, &(0x7f0000000000)=0x1000) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) 20:28:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = socket(0x40000000015, 0x40000000000005, 0x0) setsockopt(r1, 0x100000114, 0x1d, &(0x7f0000c63ffc)="66014ebe", 0x4) getsockopt$sock_int(r1, 0x1, 0x1d, &(0x7f00003e9ffc), &(0x7f0000727ffc)=0x4) 20:28:46 executing program 0: 20:28:46 executing program 4: [ 185.977915] audit: type=1400 audit(1549139326.849:14): avc: denied { wake_alarm } for pid=4623 comm="syz-executor5" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 20:28:46 executing program 3: 20:28:46 executing program 0: 20:28:46 executing program 4: 20:28:46 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) r2 = fcntl$getown(r0, 0x9) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, @in6=@mcast1, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xf4, 0x4}, {0x7ff, 0x0, 0x3de, 0x8}, 0x97, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in6=@local, 0x4d5, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3501, 0x0, 0x3, 0x3, 0x12fe, 0x0, 0x36f}}, 0xe8) ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev={0xfe, 0x80, [], 0x1b}, @loopback}) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x16b}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) io_setup(0x20, &(0x7f0000000180)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast2, @multicast1}, 0xc) memfd_create(&(0x7f0000000000)='.(selfwlan1em1GPL\x00', 0x5) prlimit64(r2, 0x0, 0x0, 0x0) 20:28:46 executing program 4: 20:28:47 executing program 1: clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) r2 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, @in6=@mcast1, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xf4, 0x4}, {0x7ff, 0x100, 0x3de, 0x8}, 0x97, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in6=@local, 0x4d5, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3501, 0x0, 0x3, 0x3, 0x12fe, 0x0, 0x36f}}, 0xe8) ioctl$sock_inet6_SIOCADDRT(r2, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev={0xfe, 0x80, [], 0x1b}, @loopback}) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x16b}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) io_setup(0x20, &(0x7f0000000180)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) memfd_create(&(0x7f0000000000)='.(selfwlan1em1GPL\x00', 0x0) prlimit64(r1, 0x0, 0x0, 0x0) 20:28:47 executing program 5: 20:28:47 executing program 0: 20:28:47 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f00000002c0)=""/4096, &(0x7f0000000000)=0x1000) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) 20:28:47 executing program 4: 20:28:47 executing program 3: 20:28:47 executing program 1: 20:28:47 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000002c0)=""/148, 0x94}], 0x1, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x7) syncfs(r0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x72, 0x4) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000001d5a8a4710000105000600200000000a00000000000000000500e50000070000001f0000000000000300000000000002000100f5000000000000020000000005000500000000000a000000000000000000000000000000001700000000000000000000"], 0x80}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000002, 0x0) sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket(0xffffffffffffffff, 0x80, 0x5) r3 = open(&(0x7f0000000500)='./bus\x00', 0x141042, 0x0) r4 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) connect$unix(r2, &(0x7f0000000580)=@file={0x1, './bus\x00'}, 0x6e) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0xc0f85403, &(0x7f000000efcc)={{0x100000001, 0x0, 0x0, 0x3}}) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000380), 0x4) close(r3) r5 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082) r6 = memfd_create(&(0x7f0000000600)='uservboxnet0vmnet0(mim\xe5_type]&{ppp1user\x00', 0x2) pwritev(r6, &(0x7f0000000440)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x4) ppoll(0x0, 0x0, 0x0, 0x0, 0x360) fcntl$setstatus(r5, 0x4, 0x100) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write(r8, &(0x7f00000001c0), 0x526987c9) read(r7, &(0x7f0000000740)=""/250, 0xfffffffffffffe87) sendfile(r5, r6, 0x0, 0x80003) 20:28:47 executing program 0: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x218, 0x0, 0x0, 0x0, @dev, @multicast2}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 20:28:47 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) fstat(0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, @in6=@mcast1, 0x0, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x20, 0x0, r2}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0xf4, 0x4}, {0x7ff, 0x100, 0x0, 0x8}, 0x97, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@local, 0x4d5, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3501, 0x0, 0x3, 0x0, 0x12fe, 0x0, 0x36f}}, 0xe8) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev={0xfe, 0x80, [], 0x1b}, @loopback}) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x16b}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={0x0, @multicast2, @multicast1}, 0xc) memfd_create(&(0x7f0000000000)='.(selfwlan1em1GPL\x00', 0x5) prlimit64(0x0, 0x0, 0x0, 0x0) 20:28:47 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") close(r2) socket$netlink(0x10, 0x3, 0xa) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x87fff, 0x0) 20:28:47 executing program 3: [ 186.505430] ================================================================== [ 186.512848] BUG: KASAN: use-after-free in ip_check_defrag+0x571/0x5b0 [ 186.519419] Write of size 4 at addr ffff8801c604ad1c by task syz-executor0/4698 [ 186.526868] [ 186.528489] CPU: 0 PID: 4698 Comm: syz-executor0 Not tainted 4.9.154+ #21 [ 186.535405] ffff8801db607a68 ffffffff81b47411 0000000000000001 ffffea0007181280 [ 186.543481] ffff8801c604ad1c 0000000000000004 ffffffff824a4c01 ffff8801db607aa0 [ 186.551559] ffffffff81502615 0000000000000001 ffff8801c604ad1c ffff8801c604ad1c [ 186.559619] Call Trace: [ 186.562194] [ 186.564266] [] dump_stack+0xc1/0x120 [ 186.569652] [] ? ip_check_defrag+0x571/0x5b0 [ 186.575705] [] print_address_description+0x6f/0x238 [ 186.582378] [] ? ip_check_defrag+0x571/0x5b0 [ 186.588429] [] kasan_report.cold+0x8c/0x2ba [ 186.594409] [] __asan_report_store4_noabort+0x17/0x20 [ 186.601238] [] ip_check_defrag+0x571/0x5b0 [ 186.607114] [] ? ip_defrag+0x3bc0/0x3bc0 [ 186.612822] [] packet_rcv_fanout+0x51e/0x5f0 [ 186.618872] [] __netif_receive_skb_core+0x9c3/0x2990 [ 186.625657] [] ? dev_loopback_xmit+0x430/0x430 [ 186.631915] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.638662] [] ? check_preemption_disabled+0x3c/0x200 [ 186.645492] [] ? process_backlog+0x190/0x610 [ 186.651557] [] __netif_receive_skb+0x58/0x1c0 [ 186.657691] [] process_backlog+0x1e8/0x610 [ 186.663568] [] ? process_backlog+0x190/0x610 [ 186.669620] [] net_rx_action+0x3aa/0xdd0 [ 186.675321] [] ? net_rps_action_and_irq_enable.isra.0+0x130/0x130 [ 186.683195] [] __do_softirq+0x22d/0x964 [ 186.688815] [] do_softirq_own_stack+0x1c/0x30 [ 186.694944] [ 186.696998] [] do_softirq.part.0+0x62/0x70 [ 186.702903] [] do_softirq+0x18/0x20 [ 186.708172] [] netif_rx_ni+0xbe/0x310 [ 186.713614] [] tun_get_user+0xcd2/0x2430 [ 186.719320] [] ? tun_select_queue+0x400/0x400 [ 186.725470] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 186.732220] [] tun_chr_write_iter+0xda/0x190 [ 186.738285] [] do_iter_readv_writev+0x3d9/0x4b0 [ 186.744591] [] ? vfs_iter_write+0x460/0x460 [ 186.750556] [] ? selinux_file_permission+0x85/0x470 [ 186.757213] [] ? security_file_permission+0x8f/0x1f0 [ 186.763990] [] ? rw_verify_area+0xea/0x2b0 [ 186.769867] [] do_readv_writev+0x2ed/0x7a0 [ 186.775744] [] ? vfs_write+0x520/0x520 [ 186.781276] [] ? trace_hardirqs_on+0x10/0x10 [ 186.787325] [] ? check_preemption_disabled+0x3c/0x200 [ 186.794169] [] ? __fget+0x208/0x370 [ 186.799440] [] ? __fget+0x22f/0x370 [ 186.804724] [] ? __fget+0x47/0x370 [ 186.809905] [] vfs_writev+0x89/0xc0 [ 186.815174] [] do_writev+0xe9/0x260 [ 186.820487] [] ? vfs_writev+0xc0/0xc0 [ 186.825931] [] ? SyS_clock_settime+0x230/0x230 [ 186.832150] [] ? SyS_readv+0x30/0x30 [ 186.837506] [] SyS_writev+0x28/0x30 [ 186.842772] [] do_syscall_64+0x1ad/0x570 [ 186.848490] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 186.855400] [ 186.857045] Allocated by task 4698: [ 186.860696] save_stack_trace+0x16/0x20 [ 186.864666] kasan_kmalloc.part.0+0x62/0xf0 [ 186.868977] kasan_kmalloc+0xb7/0xd0 [ 186.872695] kasan_slab_alloc+0xf/0x20 [ 186.876573] kmem_cache_alloc+0xd5/0x2b0 [ 186.880628] skb_clone+0x122/0x2a0 [ 186.884164] ip_check_defrag+0x2d9/0x5b0 [ 186.888218] packet_rcv_fanout+0x51e/0x5f0 [ 186.892443] __netif_receive_skb_core+0x9c3/0x2990 [ 186.897384] __netif_receive_skb+0x58/0x1c0 [ 186.901698] process_backlog+0x1e8/0x610 [ 186.905752] net_rx_action+0x3aa/0xdd0 [ 186.909633] __do_softirq+0x22d/0x964 [ 186.913416] [ 186.915051] Freed by task 4698: [ 186.918325] save_stack_trace+0x16/0x20 [ 186.922286] kasan_slab_free+0xb0/0x190 [ 186.926265] kmem_cache_free+0xbe/0x310 [ 186.930229] kfree_skbmem+0x9f/0x100 [ 186.933944] kfree_skb+0xd4/0x350 [ 186.937390] ip_defrag+0x620/0x3bc0 [ 186.941007] ip_check_defrag+0x3d6/0x5b0 [ 186.945062] packet_rcv_fanout+0x51e/0x5f0 [ 186.949288] __netif_receive_skb_core+0x9c3/0x2990 [ 186.954209] __netif_receive_skb+0x58/0x1c0 [ 186.958519] process_backlog+0x1e8/0x610 [ 186.962577] net_rx_action+0x3aa/0xdd0 [ 186.966473] __do_softirq+0x22d/0x964 [ 186.970263] [ 186.971885] The buggy address belongs to the object at ffff8801c604ac80 [ 186.971885] which belongs to the cache skbuff_head_cache of size 224 [ 186.985056] The buggy address is located 156 bytes inside of [ 186.985056] 224-byte region [ffff8801c604ac80, ffff8801c604ad60) [ 186.996918] The buggy address belongs to the page: [ 187.001846] page:ffffea0007181280 count:1 mapcount:0 mapping: (null) index:0x0 [ 187.010108] flags: 0x4000000000000080(slab) [ 187.014415] page dumped because: kasan: bad access detected [ 187.019218] audit: type=1400 audit(1549139327.379:15): avc: denied { create } for pid=4693 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 187.044153] [ 187.045765] Memory state around the buggy address: [ 187.050667] ffff8801c604ac00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 187.058000] ffff8801c604ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 187.065341] >ffff8801c604ad00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 187.066590] audit: type=1400 audit(1549139327.379:16): avc: denied { write } for pid=4693 comm="syz-executor1" path="socket:[10205]" dev="sockfs" ino=10205 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 187.100534] ^ 20:28:48 executing program 3: [ 187.104670] ffff8801c604ad80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 187.112008] ffff8801c604ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 187.119390] ================================================================== [ 187.126733] Disabling lock debugging due to kernel taint [ 187.132213] Kernel panic - not syncing: panic_on_warn set ... [ 187.132213] [ 187.139568] CPU: 0 PID: 4698 Comm: syz-executor0 Tainted: G B 4.9.154+ #21 [ 187.147687] ffff8801db6079a8 ffffffff81b47411 ffff8801db607a00 ffffffff82e439da 20:28:48 executing program 3: 20:28:48 executing program 3: [ 187.156252] 00000000ffffffff 0000000000000000 ffffffff824a4c01 ffff8801db607a88 [ 187.164306] ffffffff813f725a 0000000041b58ab3 ffffffff82e35b02 ffffffff813f7081 [ 187.172382] Call Trace: [ 187.174955] [ 187.177014] [] dump_stack+0xc1/0x120 [ 187.182417] [] ? ip_check_defrag+0x571/0x5b0 [ 187.188489] [] panic+0x1d9/0x3bd [ 187.193505] [] ? add_taint.cold+0x16/0x16 [ 187.199293] [] kasan_end_report+0x47/0x4f [ 187.205071] [] kasan_report.cold+0xa9/0x2ba [ 187.211019] [] __asan_report_store4_noabort+0x17/0x20 [ 187.217846] [] ip_check_defrag+0x571/0x5b0 [ 187.223715] [] ? ip_defrag+0x3bc0/0x3bc0 [ 187.229421] [] packet_rcv_fanout+0x51e/0x5f0 [ 187.235471] [] __netif_receive_skb_core+0x9c3/0x2990 [ 187.242210] [] ? dev_loopback_xmit+0x430/0x430 [ 187.248415] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 187.255187] [] ? check_preemption_disabled+0x3c/0x200 [ 187.262020] [] ? process_backlog+0x190/0x610 [ 187.268055] [] __netif_receive_skb+0x58/0x1c0 [ 187.274180] [] process_backlog+0x1e8/0x610 [ 187.280048] [] ? process_backlog+0x190/0x610 [ 187.286080] [] net_rx_action+0x3aa/0xdd0 [ 187.291773] [] ? net_rps_action_and_irq_enable.isra.0+0x130/0x130 [ 187.299645] [] __do_softirq+0x22d/0x964 [ 187.305245] [] do_softirq_own_stack+0x1c/0x30 [ 187.311371] [ 187.313425] [] do_softirq.part.0+0x62/0x70 [ 187.319336] [] do_softirq+0x18/0x20 [ 187.324601] [] netif_rx_ni+0xbe/0x310 [ 187.330030] [] tun_get_user+0xcd2/0x2430 [ 187.335718] [] ? tun_select_queue+0x400/0x400 [ 187.341839] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 187.348583] [] tun_chr_write_iter+0xda/0x190 [ 187.354635] [] do_iter_readv_writev+0x3d9/0x4b0 [ 187.360942] [] ? vfs_iter_write+0x460/0x460 [ 187.366947] [] ? selinux_file_permission+0x85/0x470 [ 187.373619] [] ? security_file_permission+0x8f/0x1f0 [ 187.380350] [] ? rw_verify_area+0xea/0x2b0 [ 187.386208] [] do_readv_writev+0x2ed/0x7a0 [ 187.392066] [] ? vfs_write+0x520/0x520 [ 187.397578] [] ? trace_hardirqs_on+0x10/0x10 [ 187.403612] [] ? check_preemption_disabled+0x3c/0x200 [ 187.410427] [] ? __fget+0x208/0x370 [ 187.415696] [] ? __fget+0x22f/0x370 [ 187.420973] [] ? __fget+0x47/0x370 [ 187.426155] [] vfs_writev+0x89/0xc0 [ 187.431420] [] do_writev+0xe9/0x260 [ 187.436672] [] ? vfs_writev+0xc0/0xc0 [ 187.442099] [] ? SyS_clock_settime+0x230/0x230 [ 187.448305] [] ? SyS_readv+0x30/0x30 [ 187.453640] [] SyS_writev+0x28/0x30 [ 187.458892] [] do_syscall_64+0x1ad/0x570 [ 187.464580] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 187.471814] Kernel Offset: disabled [ 187.475420] Rebooting in 86400 seconds..