[ 58.360047][ T26] audit: type=1800 audit(1572937871.122:25): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.394560][ T26] audit: type=1800 audit(1572937871.122:26): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.415955][ T26] audit: type=1800 audit(1572937871.122:27): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 59.177846][ T8932] sshd (8932) used greatest stack depth: 22888 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts. 2019/11/05 07:11:21 fuzzer started 2019/11/05 07:11:23 dialing manager at 10.128.0.26:42879 2019/11/05 07:11:23 syscalls: 2566 2019/11/05 07:11:23 code coverage: enabled 2019/11/05 07:11:23 comparison tracing: enabled 2019/11/05 07:11:23 extra coverage: extra coverage is not supported by the kernel 2019/11/05 07:11:23 setuid sandbox: enabled 2019/11/05 07:11:23 namespace sandbox: enabled 2019/11/05 07:11:23 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/05 07:11:23 fault injection: enabled 2019/11/05 07:11:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/05 07:11:23 net packet injection: enabled 2019/11/05 07:11:23 net device setup: enabled 2019/11/05 07:11:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/05 07:11:23 devlink PCI setup: PCI device 0000:00:10.0 is not available 07:13:28 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x20008088) ftruncate(r1, 0x2081fc) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x103042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0xf642e7e) fsetxattr$security_capability(r3, &(0x7f0000000340)='security.capability\x00', 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000008300)={0x0, 0x989680}) 07:13:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000040)="120000001200e7ef007b0000b979c93343b9", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000020c0), 0x320, 0x0, &(0x7f0000003700)={0x77359400}) syzkaller login: [ 196.136121][ T9035] IPVS: ftp: loaded support on port[0] = 21 07:13:29 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000140)=""/177) [ 196.362573][ T9038] IPVS: ftp: loaded support on port[0] = 21 [ 196.368943][ T9035] chnl_net:caif_netlink_parms(): no params data found [ 196.487887][ T9035] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.495007][ T9035] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.517976][ T9035] device bridge_slave_0 entered promiscuous mode [ 196.548131][ T9035] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.555301][ T9035] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.567296][ T9035] device bridge_slave_1 entered promiscuous mode 07:13:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000040)=0x10000, 0x4) [ 196.610934][ T9035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.638103][ T9035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.689789][ T9035] team0: Port device team_slave_0 added [ 196.705518][ T9035] team0: Port device team_slave_1 added [ 196.735363][ T9040] IPVS: ftp: loaded support on port[0] = 21 [ 196.828554][ T9035] device hsr_slave_0 entered promiscuous mode [ 196.857537][ T9035] device hsr_slave_1 entered promiscuous mode 07:13:29 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x70, 0x0, 0xffffffb6}}], 0x400000000000077, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000300), 0x30e, 0x4f38) [ 196.951714][ T9043] IPVS: ftp: loaded support on port[0] = 21 [ 196.958044][ T9038] chnl_net:caif_netlink_parms(): no params data found [ 197.158178][ T9035] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.166425][ T9035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.174373][ T9035] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.181525][ T9035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.204064][ T9038] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.214240][ T9038] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.223834][ T9038] device bridge_slave_0 entered promiscuous mode 07:13:30 executing program 5: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000600)=""/164, 0x21c}], 0x1, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', 0x0, 0x0, 0x8e56b071b577b247, 0x0) mount$fuseblk(0x0, &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000780), 0xfdd2) write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, 0x1}, 0x50) mount(0x0, &(0x7f00000017c0)='./file0/file0\x00', 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000001840), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000380)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85eb}}}, 0x90) [ 197.256446][ T9045] IPVS: ftp: loaded support on port[0] = 21 [ 197.299423][ T9038] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.309163][ T9038] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.317529][ T9038] device bridge_slave_1 entered promiscuous mode [ 197.340652][ T9040] chnl_net:caif_netlink_parms(): no params data found [ 197.385453][ T2522] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.406161][ T2522] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.473912][ T9043] chnl_net:caif_netlink_parms(): no params data found [ 197.491247][ T9038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.502899][ T9038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.524562][ T9049] IPVS: ftp: loaded support on port[0] = 21 [ 197.564960][ T9038] team0: Port device team_slave_0 added [ 197.585526][ T9040] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.592943][ T9040] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.603079][ T9040] device bridge_slave_0 entered promiscuous mode [ 197.611131][ T9040] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.618378][ T9040] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.626439][ T9040] device bridge_slave_1 entered promiscuous mode [ 197.642375][ T9038] team0: Port device team_slave_1 added [ 197.714450][ T9043] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.722580][ T9043] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.730529][ T9043] device bridge_slave_0 entered promiscuous mode [ 197.747113][ T9040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.809482][ T9038] device hsr_slave_0 entered promiscuous mode [ 197.846784][ T9038] device hsr_slave_1 entered promiscuous mode [ 197.886507][ T9038] debugfs: Directory 'hsr0' with parent '/' already present! [ 197.901036][ T9043] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.912357][ T9043] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.920503][ T9043] device bridge_slave_1 entered promiscuous mode [ 197.930720][ T9045] chnl_net:caif_netlink_parms(): no params data found [ 197.940772][ T9040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.992011][ T9043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.006965][ T9035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.022677][ T9043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.040366][ T9040] team0: Port device team_slave_0 added [ 198.072421][ T9040] team0: Port device team_slave_1 added [ 198.100200][ T9045] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.108465][ T9045] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.116717][ T9045] device bridge_slave_0 entered promiscuous mode [ 198.124420][ T9045] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.132363][ T9045] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.140417][ T9045] device bridge_slave_1 entered promiscuous mode [ 198.151247][ T9043] team0: Port device team_slave_0 added [ 198.163986][ T9043] team0: Port device team_slave_1 added [ 198.175455][ T9035] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.228366][ T9040] device hsr_slave_0 entered promiscuous mode [ 198.266580][ T9040] device hsr_slave_1 entered promiscuous mode [ 198.316362][ T9040] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.332654][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.341229][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.353997][ T9045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.370975][ T9045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.439208][ T9043] device hsr_slave_0 entered promiscuous mode [ 198.466761][ T9043] device hsr_slave_1 entered promiscuous mode [ 198.536362][ T9043] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.594570][ T9049] chnl_net:caif_netlink_parms(): no params data found [ 198.645421][ T9045] team0: Port device team_slave_0 added [ 198.651678][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.661337][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.670111][ T2522] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.677223][ T2522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.684955][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.694623][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.703143][ T2522] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.710399][ T2522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.719280][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.728277][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.760187][ T9045] team0: Port device team_slave_1 added [ 198.783928][ T9049] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.792364][ T9049] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.802624][ T9049] device bridge_slave_0 entered promiscuous mode [ 198.813233][ T9049] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.820557][ T9049] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.829117][ T9049] device bridge_slave_1 entered promiscuous mode [ 198.870003][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.880601][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.889648][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.904975][ T9035] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 198.916118][ T9035] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 198.932698][ T9049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.989496][ T9045] device hsr_slave_0 entered promiscuous mode [ 199.046860][ T9045] device hsr_slave_1 entered promiscuous mode [ 199.106445][ T9045] debugfs: Directory 'hsr0' with parent '/' already present! [ 199.114483][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.123343][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.132539][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.141049][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.150084][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.158602][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.169465][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.193183][ T9049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.229132][ T9049] team0: Port device team_slave_0 added [ 199.238429][ T9049] team0: Port device team_slave_1 added [ 199.264140][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 199.271902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.283278][ T9035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.311098][ T9038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.350393][ T9038] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.368674][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.376584][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.449012][ T9049] device hsr_slave_0 entered promiscuous mode [ 199.486870][ T9049] device hsr_slave_1 entered promiscuous mode [ 199.526428][ T9049] debugfs: Directory 'hsr0' with parent '/' already present! [ 199.554148][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.562817][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.571967][ T9048] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.579088][ T9048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.587212][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.653608][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.662865][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.671422][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.678517][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.686056][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.695496][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.704362][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.712990][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.751922][ T9038] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 199.763476][ T9038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.783057][ T9043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.803965][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.813535][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.822740][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.831766][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.846071][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.855667][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.864682][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.904319][ T9043] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.920336][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.929490][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 199.937437][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.944946][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.953682][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.970858][ T9038] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.985995][ T9045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.019844][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.029106][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.042931][ T86] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.050123][ T86] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.074751][ T9045] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.098342][ T9040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.114886][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.123436][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.133871][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.148382][ T3777] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.155467][ T3777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.163966][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.173188][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.182647][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.190972][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.224289][ T9040] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.239670][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.254960][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.265245][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.284199][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.293703][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.309559][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.319037][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.328553][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.337813][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.346982][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.355405][ T86] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.362545][ T86] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.371647][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.381038][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.390019][ T86] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.397163][ T86] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.405058][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.414490][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.423014][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.432820][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.441759][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.452371][ T9043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.495048][ T9049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.515946][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.533696][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.555255][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.565690][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.587833][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.601709][ T3777] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.608910][ T3777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.626493][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.635377][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.651099][ T3777] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.658286][ T3777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.673195][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.682616][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.700366][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.711616][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.725236][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.750024][ T9045] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.770275][ T9045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.792983][ C0] hrtimer: interrupt took 44700 ns 07:13:33 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x1002) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) [ 200.806051][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.822764][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.851843][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.862484][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.872187][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.882338][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.894199][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 07:13:33 executing program 1: [ 200.903780][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.914130][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.932360][ T9049] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.989416][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.007612][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.015417][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.037479][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.045995][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.056831][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.065367][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.077273][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 07:13:33 executing program 1: [ 201.084805][ T3777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.113213][ T9043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.144111][ T9040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.161145][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.197157][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.205664][ T17] bridge0: port 1(bridge_slave_0) entered blocking state 07:13:34 executing program 1: [ 201.212874][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.260997][ T9045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.307447][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.315521][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.337054][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 07:13:34 executing program 1: [ 201.350038][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.368234][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.386930][ T86] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.394055][ T86] bridge0: port 2(bridge_slave_1) entered forwarding state 07:13:34 executing program 1: [ 201.421645][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.447923][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.470958][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.491467][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.500280][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.515729][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.543561][ T9049] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 201.594515][ T9049] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.626381][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.634425][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 07:13:34 executing program 1: 07:13:34 executing program 0: [ 201.643068][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.660854][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.676494][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.690468][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.720597][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.746911][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.758833][ T9040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.793172][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.813265][ T86] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.834271][ T9049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.153787][ T9124] mmap: syz-executor.2 (9124) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 07:13:35 executing program 2: 07:13:35 executing program 1: 07:13:35 executing program 0: 07:13:35 executing program 5: 07:13:35 executing program 3: 07:13:35 executing program 4: 07:13:35 executing program 1: 07:13:35 executing program 0: 07:13:35 executing program 2: 07:13:35 executing program 2: 07:13:35 executing program 1: 07:13:35 executing program 0: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000440), 0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r0, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) 07:13:35 executing program 4: clone(0xdfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) getpid() r0 = gettid() tkill(r0, 0x15) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0xbb8) 07:13:35 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$unix(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x81000) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) r3 = dup2(r2, r0) sendmsg$netlink(r3, &(0x7f0000028fc8)={0x0, 0x0, &(0x7f0000019000)=[{&(0x7f00000001c0)=ANY=[@ANYRES64], 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000010000000100000001000000", @ANYRES32=r0], 0x14}, 0x0) recvmmsg(r1, &(0x7f0000006180)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/242, 0xf2}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)) connect$unix(0xffffffffffffffff, 0x0, 0x0) 07:13:36 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x80000000b9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="16bc9ae9c65c60926c47aecc6a5b78d0c78ae5066997872e8966e2aa4ab3e0aaa4510fc3455c8daab57764876bd48faac1900080f37474c43501f96c3402deeef9616fb8fb977b25ad6c29502f4eaf22cf94d7d46f8743ebf614720963ec1bde5896da0c39055f2722a5989e67e425550d74d93f329bcf11b03391e511646d023f199a4d91ba88f0f1e86cb0e9df5f6da6444766efb7e4dba559aca0de91f3432d1592ab00dae15e9c7142d78d395502e47892daef22ff293d13b3b1eaad973a"], 0xc0) mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='rpc_pipefs\x00', 0x4, &(0x7f00000003c0)=':\\+\x06selinuxcpuset%\x00') sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000004c0)=0x80, 0x4) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, 0x0, 0x0) r4 = socket(0x100000000011, 0x2, 0x0) bind(r4, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000240)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0xfeeb) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, 0x0, 0x0) bind$xdp(r3, &(0x7f0000000900)={0x2c, 0x8, r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x80000001, 0x64, &(0x7f0000000440)=""/100, 0x41000, 0x6, [], r5, 0x11, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x4, 0x1}, 0x8, 0x10, 0x0}, 0x70) readv(0xffffffffffffffff, 0x0, 0x0) 07:13:36 executing program 1: getpid() sched_setscheduler(0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x2de, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0xc4b, 0x0, 0x800, 0x0, 0x0, 0x9, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:13:36 executing program 2: perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) fstat(r2, 0x0) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) symlink(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r5, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) set_thread_area(&(0x7f0000000400)={0x7, 0x20001800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}) [ 203.489507][ T9172] devpts: called with bogus options 07:13:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 203.521986][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 203.522002][ T26] audit: type=1804 audit(1572938016.282:31): pid=9172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir605712252/syzkaller.o6Fkku/4/file0" dev="sda1" ino=16542 res=1 [ 203.591021][ T9175] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 07:13:36 executing program 0: write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) socket$inet6(0xa, 0x2, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x2000, 0x3, 0x0, 0x0, 0xdf}, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 203.712540][ T9160] rpc_pipefs: Unknown parameter ':\+selinuxcpuset%' 07:13:36 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:36 executing program 5: open(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x0, 0x0, [0x55]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) listxattr(0x0, &(0x7f0000000280)=""/110, 0x6e) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0xfc, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) statfs(0x0, &(0x7f00000004c0)=""/36) sendto$inet6(r0, &(0x7f0000000080)="030400000a00600003000000fff57b016d2763bd56373780398d537500e50602591f031ee616d5c0184374a7ffe4ec55e0654786a70100935ba514d40808efa000801600002fd08d49a47eff71bc4131fe4c1f99bf00a900000008d1843e770afd6e9ef5837dbd0000000053", 0x306c, 0x4000002, 0x0, 0x2ff) [ 204.164855][ T9172] devpts: called with bogus options [ 204.170622][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 204.170763][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 204.406600][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 204.412621][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 204.693554][ T9208] sp0: Synchronizing with TNC 07:13:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000000)) 07:13:37 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:37 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) [ 205.046308][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 205.052254][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 205.366293][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 205.372245][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 205.766339][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 205.772278][ C1] protocol 88fb is buggy, dev hsr_slave_1 07:13:38 executing program 0: ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0xfc, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) sendto$inet6(r0, &(0x7f0000000080)="030400000a03600003000000fff57b016d2763bd56373780398d537500e50602591f031ee616d5c0184374a7ffe4ec55e0654786a70100935ba514d40808efa000801600002fd08d49a47eff71bc4131fe4c1f99bf00a900000008d1843e770afd6e9ef5837dbd0000000053", 0x306c, 0x4000002, 0x0, 0x2ff) 07:13:38 executing program 3: 07:13:38 executing program 3: 07:13:38 executing program 2: 07:13:38 executing program 5: 07:13:38 executing program 2: [ 206.213508][ T9208] sp0: Synchronizing with TNC 07:13:39 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:39 executing program 3: 07:13:39 executing program 2: 07:13:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000000)) 07:13:39 executing program 0: 07:13:39 executing program 3: 07:13:39 executing program 2: 07:13:39 executing program 5: 07:13:39 executing program 2: 07:13:39 executing program 0: 07:13:39 executing program 3: 07:13:39 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:39 executing program 5: 07:13:39 executing program 4: 07:13:39 executing program 2: 07:13:39 executing program 3: 07:13:39 executing program 0: 07:13:39 executing program 4: 07:13:40 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:40 executing program 0: 07:13:40 executing program 2: 07:13:40 executing program 3: 07:13:40 executing program 5: 07:13:40 executing program 4: 07:13:40 executing program 0: 07:13:40 executing program 3: 07:13:40 executing program 2: 07:13:40 executing program 5: 07:13:40 executing program 4: 07:13:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=0x4, 0x4) read(r0, 0x0, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x1, &(0x7f0000000540), 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(0xffffffffffffffff, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0), 0x4) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:40 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000080), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, &(0x7f0000000140)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x1, &(0x7f0000000540), 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x400, '\x00', 0x4000000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x20) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:41 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) listen(r1, 0x3) accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0)={'team0\x00', r2}) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg$inet(r0, &(0x7f00000021c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x779}}], 0x18}}], 0x2, 0x0) 07:13:41 executing program 2: r0 = socket(0x40000000000001e, 0x2000000000000805, 0x0) sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0) 07:13:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=0x4, 0x4) read(r0, 0x0, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x1, &(0x7f0000000540), 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(0xffffffffffffffff, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0), 0x4) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:41 executing program 0: r0 = gettid() prctl$PR_SVE_SET_VL(0x32, 0x1e0e6) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f0000044000)) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x80) openat$cgroup_type(r1, &(0x7f00000000c0)='cgroup.type\x00', 0x2, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000015) 07:13:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = socket$inet(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="24000000180007841dfffd946f6105000a0081001f038b0504000800080015000a00ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7ef", 0x4a}], 0x1}, 0x0) 07:13:41 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x9, 0x0, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x4]}, 0x14}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)='\f', 0x1}], 0x1}, 0xfec0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 208.927380][ T9361] fuse: Bad value for 'fd' [ 208.945523][ T9373] netlink: 'syz-executor.2': attribute type 21 has an invalid length. 07:13:41 executing program 5: 07:13:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:41 executing program 2: 07:13:42 executing program 0: 07:13:42 executing program 5: 07:13:42 executing program 2: [ 209.425091][ T9395] fuse: Bad value for 'fd' 07:13:42 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e2bcfe87b3071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha1-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$inet6(r2, &(0x7f0000005f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8005) accept$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x0) 07:13:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=0x4, 0x4) read(r0, 0x0, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x1, &(0x7f0000000540), 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(0xffffffffffffffff, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0), 0x4) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:42 executing program 2: 07:13:42 executing program 4: 07:13:42 executing program 0: 07:13:42 executing program 2: 07:13:42 executing program 5: 07:13:42 executing program 4: [ 209.913720][ T9416] fuse: Bad value for 'fd' 07:13:42 executing program 0: 07:13:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x2000, 0x0) 07:13:42 executing program 3: 07:13:42 executing program 2: 07:13:42 executing program 4: 07:13:42 executing program 0: 07:13:42 executing program 5: 07:13:43 executing program 3: 07:13:43 executing program 2: 07:13:43 executing program 4: 07:13:43 executing program 0: 07:13:43 executing program 3: 07:13:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x2000, 0x0) 07:13:43 executing program 5: 07:13:43 executing program 0: 07:13:43 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x378}], 0x100000c7, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r2, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 07:13:43 executing program 4: r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f0000000180)="2200000021000707000000000900e4010a00001e00000000ff080400050015800341", 0x22) 07:13:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x8000002}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='dctcp\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b10") ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000140)={'lo\x00\x00\xe7\xff\x03\x00\x00\x00\x00\x06\x00', 0xfd}) sendto$packet(r0, &(0x7f0000000340), 0xfffffffffffffd72, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) 07:13:43 executing program 0: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x103042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f00000004c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r2 = socket$inet(0x10, 0x10000000003, 0x9) r3 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r2, 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16, @ANYRES16], 0x2}, 0x1, 0x0, 0x0, 0x840}, 0x60) sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", ""]}, 0x30}}, 0x44001) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x9c4cbe1719c1956e}, 0xc, 0x0}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) syslog(0x2, &(0x7f00000001c0)=""/36, 0x24) 07:13:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x2000, 0x0) [ 210.746671][ T9469] netlink: 'syz-executor.3': attribute type 5 has an invalid length. 07:13:43 executing program 4: write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40000000011, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xd0800, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000000)=0x2) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000040)={0x401, 0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x0) socket$packet(0x11, 0x0, 0x300) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:13:43 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf6\x17s\'C\xe3\x97\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00()\x89\xe5\x14^W\x86\xa3\x14K|\x0e\xfe-\x9d\xbe\xca`\n\x1a', 0x275a, 0x0) write$P9_RSTAT(r0, &(0x7f0000000080)=ANY=[@ANYPTR], 0x8) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x40000000011, r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2a9, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}]}) 07:13:43 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000140)=""/177) 07:13:44 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:44 executing program 2: 07:13:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:44 executing program 0: 07:13:44 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) pipe(&(0x7f0000000180)) bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="65ed59501ed8"}, 0x14) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="480000001500197f09004b0101048c590188ffffcf5d3474ff9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee22600d4ff5bffff9b226452", 0x48}], 0x1) [ 211.435734][ T9512] netlink: 'syz-executor.3': attribute type 5 has an invalid length. 07:13:44 executing program 0: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000000)='debugfs\x00', 0x1010055, 0x0) open$dir(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xe86559fb9f1020a, 0x0) 07:13:44 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0) 07:13:44 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$char_usb(r0, 0x0, 0x0) 07:13:44 executing program 0: perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) bind$inet6(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r0 = gettid() tkill(r0, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) fstat(r1, &(0x7f0000000740)) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x4000000000000be, 0x0, 0x0) rename(0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) symlink(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4), 0x1c) dup3(r6, r3, 0x0) set_thread_area(&(0x7f0000000400)={0x7, 0x20001800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}) 07:13:44 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r2, &(0x7f0000002000)='/', 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0) 07:13:44 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) gettid() socket$kcm(0x2b, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e0000003300050ad25a80648c6356c10324fc004000000016000900053582c1b0acea8b0900098004021700d1bd", 0x2e}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8916, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00'}) [ 211.892992][ T9534] devpts: called with bogus options 07:13:44 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) [ 211.942603][ T26] audit: type=1804 audit(1572938024.702:32): pid=9534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir922907558/syzkaller.auepN6/27/file0" dev="sda1" ino=16520 res=1 [ 211.977682][ T9542] netlink: 'syz-executor.5': attribute type 9 has an invalid length. 07:13:44 executing program 2: symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') execve(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) lstat(0x0, 0x0) stat(0x0, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, 0x0) rt_sigreturn() open$dir(0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) setns(0xffffffffffffffff, 0x20000000) statx(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0) [ 212.012397][ T9542] netlink: 'syz-executor.5': attribute type 9 has an invalid length. 07:13:44 executing program 4: socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0xc0a, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = timerfd_create(0x0, 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r3, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_free(0xffffffffffffffff) 07:13:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:45 executing program 5: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x100000c, 0x72, 0xffffffffffffffff, 0x0) clone(0xdff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x10, 0x3, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) futex(&(0x7f00000011c0), 0x89, 0x0, 0x0, 0x0, 0x1) 07:13:45 executing program 2: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001400)=ANY=[@ANYBLOB="d3d2b93c38f102cd80"], 0x9}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}, {}], "25cdfbdef6eeb90cac5a93f8d6282ad05d8de9531b2f6baa96d0d6c8c781789eae1dfb5b03d4d476e4963313f0058cf5b4"}, 0xa9) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="eabe9f303b222957eecbc624877c825210c28f5e87a648203b91e7f1ffd7e4ab569f0008000000000000cdcf9482c1f0d81a590ed76f2c4af37b9000000023d61ca62ef8d48f42ffd113acf060c105020d4862fc399eaa05000000b6510490b0f420326bcc4e2b65e7c68bacee7877a6274a7be89a7d527a2a8a03a722ffa87ec2dfec4758b0245bbcc9c5e726fea942494855d4bd3388070000000000005400000000000000000000000000000000000063b5d1c7b194133ebd97876d9dc49a0cb0814d5d64ad241abe145ccfa3648b1f37351eb367a3120454c33e4426e43846acd92068cc9dd0317d055d5721f6f5d1b5"], 0x0, 0xf2}, 0x20) tkill(r0, 0x39) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:13:45 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f00000000c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='mountinfo\x00\x8e\x81\xb0`bk\r\xa1\x85\x9f4,!\rh\xf2\x1fP\xc6\xab\x9c\xde\x1d\xbc\x8d\xe7\x99\xcb\xca\auU\xf8=\xd5\xf5\x17\x9b\xd3f\xe8\xc5\xb0\xabP\x82\x9b\xc0\xd5\xd26j\x8f\xe1\xdc\x05\xac\t\x86\x03U\xd3\x93\xac\xde>') sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5) syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x615309f76a24d079) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040), &(0x7f0000000280)=0x1cf9c996248620f8) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000000)=0x1, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000a00)={0x0, 0x989680}, &(0x7f0000048000), 0x0) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x3, 0x4032, 0xffffffffffffffff, 0x0) exit(0x0) 07:13:45 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) [ 212.518779][ T9568] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 212.556559][ T9574] ptrace attach of "/root/syz-executor.2"[9573] was attempted by "/root/syz-executor.2"[9574] 07:13:45 executing program 2: creat(&(0x7f00000000c0)='./file0\x00', 0x109) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="000000f21301ce646ba1a34578d3abdf1e1556670180050000000000678c679b445c52"], 0x1}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 07:13:45 executing program 0: perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) bind$inet6(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r0 = gettid() tkill(r0, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) fstat(r1, &(0x7f0000000740)) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x4000000000000be, 0x0, 0x0) rename(0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) symlink(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4), 0x1c) dup3(r6, r3, 0x0) set_thread_area(&(0x7f0000000400)={0x7, 0x20001800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}) [ 212.672139][ T9548] devpts: called with bogus options [ 212.824516][ T9588] devpts: called with bogus options 07:13:45 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:45 executing program 0: perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) bind$inet6(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r0 = gettid() tkill(r0, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) fstat(r1, &(0x7f0000000740)) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x4000000000000be, 0x0, 0x0) rename(0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) symlink(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4), 0x1c) dup3(r6, r3, 0x0) set_thread_area(&(0x7f0000000400)={0x7, 0x20001800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}) 07:13:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 213.031854][ T9597] netlink: 'syz-executor.3': attribute type 5 has an invalid length. 07:13:45 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) [ 213.137021][ T9600] devpts: called with bogus options 07:13:45 executing program 4: open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="400000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000200012000c000100626f6e6400000000100002fd4e37b5000000000e32000002d246d3a05d490e5426eeb57ad4dd54077affe26a4b75c9a3d8b15cc0cdc2949a99f13fbab36a3b085e7c195ae8e3f9fb9155d715f6089c78f6e7d4d89a65ca14bc2cd5f31cace61ad9c96305544b4f766359fd143f8567eaaf7a46c4c72566fce3db06290ac124d950988e0fefecd5de4befd4cb4b433b8067b6bb7610ef28064d561092a9298849d8870fe2b8b5e6119b075b7f2daf2751e92bb92d6d086dbeea826989894beebc3b620244805cae0e2d7f0afe36db737cf47f1ef8d450cfd0804c8bdb965a0efa278aa397f31ef1a7eb30ac37a57fae4bae739431fbcf909ab12b7c94ba5a6a8fdd6830ed0961c80dbf00000000000026800000007dc0a84aaea5c4eb931f3b8ceaf1328fda860919e46218e5dfc94b4fd2ff461b7a047c09e65d741c32b49c235c0fce63fa160bdf4f46b8932b25aded63dbda3d3d169d6e16c6ccdb72720b648c04b805f242d99ed8e75518f5248c699ca2016a38b226481b936400ff21576852fabf5f29"], 0x40}}, 0x0) r1 = getpid() tkill(r1, 0x9) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, &(0x7f0000000080)={0x2, 0x20, 0x0, 0x7fff, 0x1000}) lgetxattr(0x0, 0x0, &(0x7f0000000200)=""/86, 0x56) [ 213.158315][ T26] audit: type=1804 audit(1572938025.922:33): pid=9600 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir922907558/syzkaller.auepN6/29/file0" dev="sda1" ino=16599 res=1 07:13:46 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') open(0x0, 0x0, 0x0) r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r1) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)) 07:13:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:46 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:46 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', 0x0, 0x2001001, 0x0) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x100032, 0x0) 07:13:46 executing program 4: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) 07:13:47 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x16, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) 07:13:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:47 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:47 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0xfffffd6b, &(0x7f0000000000)=[{&(0x7f0000000140)="2e0000003300050ad25a80648c6394fb0324fc0010000b400c00020a053582c137153e370a00018006001700d1bd", 0x2e}], 0x1}, 0x0) 07:13:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='hugetlbfs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 07:13:47 executing program 1: mkdir(0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) splice(r1, 0x0, r0, 0x0, 0x2000, 0x0) 07:13:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2900000018001900003fcdffffffda0602007a00fde8ff00084000040d0005000005000000060000ff", 0x29}], 0x1) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:13:47 executing program 0: gettid() tkill(0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0xbb8) 07:13:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='hugetlbfs\x00', 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 07:13:47 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x80000000b9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) syz_open_dev$vcsn(0x0, 0x101, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xa) setresuid(0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f00000015c0)={{}, {}, [{0x2, 0x4}, {0x2, 0x2}, {0x2, 0x1}, {0x2, 0x2}, {0x2, 0x2}, {}], {}, [{}], {0x10, 0x6}}, 0x5c, 0x0) [ 217.766606][ T1080] INFO: task khugepaged:1087 blocked for more than 143 seconds. [ 217.774545][ T1080] Not tainted 5.4.0-rc5-next-20191031 #0 [ 217.780815][ T1080] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 217.789540][ T1080] khugepaged D27376 1087 2 0x80004000 [ 217.795884][ T1080] Call Trace: [ 217.799245][ T1080] __schedule+0x94a/0x1e70 [ 217.803680][ T1080] ? __sched_text_start+0x8/0x8 [ 217.808613][ T1080] ? blk_insert_cloned_request+0x530/0x530 [ 217.814434][ T1080] schedule+0xdc/0x2b0 [ 217.818570][ T1080] io_schedule+0x1c/0x70 [ 217.822826][ T1080] __lock_page+0x422/0xab0 [ 217.827315][ T1080] ? wait_on_page_bit+0xa60/0xa60 [ 217.832350][ T1080] ? page_cache_next_miss+0x340/0x340 [ 217.837860][ T1080] ? ___might_sleep+0x163/0x2c0 [ 217.842742][ T1080] ? __might_sleep+0x95/0x190 [ 217.847853][ T1080] mpage_prepare_extent_to_map+0xb3f/0xf90 [ 217.853674][ T1080] ? mpage_process_page_bufs+0x780/0x780 [ 217.859374][ T1080] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 217.864933][ T1080] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 217.871013][ T1080] ? __kmalloc_node+0xf/0x70 [ 217.875642][ T1080] ext4_writepages+0x954/0x2e70 [ 217.880567][ T1080] ? scheduler_ipi+0x10c/0x610 [ 217.885373][ T1080] ? ext4_mark_inode_dirty+0x9b0/0x9b0 [ 217.890921][ T1080] ? 0xffffffff81000000 [ 217.895090][ T1080] ? mark_lock+0xc2/0x1220 [ 217.899569][ T1080] ? prep_new_page+0x19f/0x200 [ 217.904349][ T1080] ? wbc_attach_and_unlock_inode+0x514/0x920 [ 217.910434][ T1080] ? find_held_lock+0x35/0x130 [ 217.915226][ T1080] ? wbc_attach_and_unlock_inode+0x515/0x920 [ 217.921305][ T1080] ? ext4_mark_inode_dirty+0x9b0/0x9b0 [ 217.926840][ T1080] do_writepages+0xfa/0x2a0 [ 217.931456][ T1080] ? do_writepages+0xfa/0x2a0 [ 217.936151][ T1080] ? lock_downgrade+0x920/0x920 [ 217.943140][ T1080] ? page_writeback_cpu_online+0x20/0x20 [ 217.948951][ T1080] ? __kasan_check_read+0x11/0x20 [ 217.954008][ T1080] ? do_raw_spin_unlock+0x57/0x270 [ 217.959270][ T1080] ? _raw_spin_unlock+0x28/0x40 [ 217.964151][ T1080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 217.970500][ T1080] ? wbc_attach_and_unlock_inode+0x5bf/0x920 [ 217.976528][ T1080] __filemap_fdatawrite_range+0x2bc/0x3b0 [ 217.982361][ T1080] ? delete_from_page_cache_batch+0xfe0/0xfe0 [ 217.988516][ T1080] ? lockdep_hardirqs_on+0x421/0x5e0 [ 217.993834][ T1080] filemap_flush+0x24/0x30 [ 217.998321][ T1080] collapse_file+0x36b1/0x41a0 [ 218.003109][ T1080] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 218.009403][ T1080] ? khugepaged+0x21c0/0x4360 [ 218.014097][ T1080] ? trace_event_raw_event_mm_collapse_huge_page_isolate+0x370/0x370 [ 218.022270][ T1080] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 218.028064][ T1080] ? khugepaged_find_target_node+0x142/0x180 [ 218.034058][ T1080] khugepaged+0x2da9/0x4360 [ 218.038633][ T1080] ? __kasan_check_read+0x11/0x20 [ 218.043763][ T1080] ? __lock_acquire+0x16f2/0x4a00 [ 218.048874][ T1080] ? collapse_pte_mapped_thp+0xbe0/0xbe0 [ 218.054541][ T1080] ? lock_downgrade+0x920/0x920 [ 218.059524][ T1080] ? finish_wait+0x260/0x260 [ 218.064568][ T1080] ? lockdep_hardirqs_on+0x421/0x5e0 [ 218.077018][ T1080] ? trace_hardirqs_on+0x67/0x240 [ 218.082118][ T1080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 218.088416][ T1080] ? __kthread_parkme+0x108/0x1c0 [ 218.093510][ T1080] ? __kasan_check_read+0x11/0x20 [ 218.098613][ T1080] kthread+0x361/0x430 [ 218.102699][ T1080] ? collapse_pte_mapped_thp+0xbe0/0xbe0 [ 218.108388][ T1080] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 218.114132][ T1080] ret_from_fork+0x24/0x30 [ 218.119185][ T1080] [ 218.119185][ T1080] Showing all locks held in the system: [ 218.126972][ T1080] 4 locks held by kworker/u4:2/85: [ 218.132083][ T1080] #0: ffff88821b33ed28 ((wq_completion)writeback){+.+.}, at: process_one_work+0x88b/0x1740 [ 218.142258][ T1080] #1: ffff8880a950fdc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 218.153631][ T1080] #2: ffff88809b75c0d8 (&type->s_umount_key#32){++++}, at: trylock_super+0x22/0x110 [ 218.163176][ T1080] #3: ffff88809b75e990 (&sbi->s_journal_flag_rwsem){.+.+}, at: do_writepages+0xfa/0x2a0 [ 218.173137][ T1080] 1 lock held by khungtaskd/1080: [ 218.178229][ T1080] #0: ffffffff88faba40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 218.187610][ T1080] 1 lock held by khugepaged/1087: [ 218.192635][ T1080] #0: ffff88809b75e990 (&sbi->s_journal_flag_rwsem){.+.+}, at: do_writepages+0xfa/0x2a0 [ 218.202558][ T1080] 1 lock held by rsyslogd/8904: [ 218.207479][ T1080] #0: ffff8880a22d0ae0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 218.216118][ T1080] 2 locks held by getty/8994: [ 218.220850][ T1080] #0: ffff8880a87f0090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.229963][ T1080] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.239630][ T1080] 2 locks held by getty/8995: [ 218.244309][ T1080] #0: ffff8880a431a090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.253502][ T1080] #1: ffffc90005f532e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.263166][ T1080] 2 locks held by getty/8996: [ 218.267916][ T1080] #0: ffff8880a12f8090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.277143][ T1080] #1: ffffc90005f572e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.287638][ T1080] 2 locks held by getty/8997: [ 218.292351][ T1080] #0: ffff8880a1284090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.301372][ T1080] #1: ffffc90005f4f2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.311033][ T1080] 2 locks held by getty/8998: [ 218.315717][ T1080] #0: ffff8880a53b5090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.324758][ T1080] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.334508][ T1080] 2 locks held by getty/8999: [ 218.339256][ T1080] #0: ffff888091362090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.348262][ T1080] #1: ffffc90005f5b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.357910][ T1080] 2 locks held by getty/9000: [ 218.362586][ T1080] #0: ffff88809ebc9090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 218.371620][ T1080] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 218.381248][ T1080] 1 lock held by syz-executor.5/9628: [ 218.386742][ T1080] #0: ffff88809b75c0d8 (&type->s_umount_key#32){++++}, at: do_mount+0xec2/0x1b50 [ 218.396052][ T1080] [ 218.398591][ T1080] ============================================= [ 218.398591][ T1080] [ 218.407101][ T1080] NMI backtrace for cpu 0 [ 218.411505][ T1080] CPU: 0 PID: 1080 Comm: khungtaskd Not tainted 5.4.0-rc5-next-20191031 #0 [ 218.420074][ T1080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.430179][ T1080] Call Trace: [ 218.433485][ T1080] dump_stack+0x172/0x1f0 [ 218.437824][ T1080] nmi_cpu_backtrace.cold+0x70/0xb2 [ 218.443033][ T1080] ? vprintk_func+0x86/0x189 [ 218.447633][ T1080] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 218.453273][ T1080] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 218.459271][ T1080] arch_trigger_cpumask_backtrace+0x14/0x20 [ 218.465174][ T1080] watchdog+0xc8f/0x1350 [ 218.469420][ T1080] kthread+0x361/0x430 [ 218.473507][ T1080] ? reset_hung_task_detector+0x30/0x30 [ 218.479059][ T1080] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 218.484900][ T1080] ret_from_fork+0x24/0x30 [ 218.489444][ T1080] Sending NMI from CPU 0 to CPUs 1: [ 218.494750][ C1] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10 [ 218.495664][ T1080] Kernel panic - not syncing: hung_task: blocked tasks [ 218.509882][ T1080] CPU: 0 PID: 1080 Comm: khungtaskd Not tainted 5.4.0-rc5-next-20191031 #0 [ 218.518488][ T1080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.528542][ T1080] Call Trace: [ 218.531838][ T1080] dump_stack+0x172/0x1f0 [ 218.536164][ T1080] panic+0x2e3/0x75c [ 218.540082][ T1080] ? add_taint.cold+0x16/0x16 [ 218.544761][ T1080] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 218.550490][ T1080] ? printk_safe_flush+0xf2/0x140 [ 218.555519][ T1080] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.561826][ T1080] ? nmi_trigger_cpumask_backtrace+0x224/0x28b [ 218.567991][ T1080] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 218.574155][ T1080] watchdog+0xca0/0x1350 [ 218.578398][ T1080] kthread+0x361/0x430 [ 218.582479][ T1080] ? reset_hung_task_detector+0x30/0x30 [ 218.588029][ T1080] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 218.593759][ T1080] ret_from_fork+0x24/0x30 [ 218.599607][ T1080] Kernel Offset: disabled [ 218.603959][ T1080] Rebooting in 86400 seconds..