[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   34.715763] audit: type=1800 audit(1556287683.608:33): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   34.741386] audit: type=1800 audit(1556287683.608:34): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   38.587980] random: sshd: uninitialized urandom read (32 bytes read)
[   38.845021] audit: type=1400 audit(1556287687.738:35): avc:  denied  { map } for  pid=7235 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   38.896967] random: sshd: uninitialized urandom read (32 bytes read)
[   39.563423] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
[   45.197148] random: sshd: uninitialized urandom read (32 bytes read)
2019/04/26 14:08:14 fuzzer started
[   45.389134] audit: type=1400 audit(1556287694.278:36): avc:  denied  { map } for  pid=7244 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   47.051442] random: cc1: uninitialized urandom read (8 bytes read)
2019/04/26 14:08:16 dialing manager at 10.128.0.105:44877
2019/04/26 14:08:16 syscalls: 2434
2019/04/26 14:08:16 code coverage: enabled
2019/04/26 14:08:16 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/04/26 14:08:16 extra coverage: extra coverage is not supported by the kernel
2019/04/26 14:08:16 setuid sandbox: enabled
2019/04/26 14:08:16 namespace sandbox: enabled
2019/04/26 14:08:16 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/26 14:08:16 fault injection: enabled
2019/04/26 14:08:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/26 14:08:16 net packet injection: enabled
2019/04/26 14:08:16 net device setup: enabled
[   49.034332] random: crng init done
14:10:30 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4)
ioctl$sock_SIOCETHTOOL(r2, 0x8947, &(0x7f0000000040)={'ip6erspaq0\x00', 0x0})
close(r2)
close(r1)

14:10:30 executing program 5:
socket$netlink(0x10, 0x3, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x9010000000000084)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x98)

14:10:30 executing program 1:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000001c0), 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

14:10:30 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x6cb)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x8, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10)

14:10:30 executing program 3:
syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0")

14:10:30 executing program 4:
pipe2$9p(&(0x7f0000000080), 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
clone(0x7fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, 0x0)

[  181.565027] audit: type=1400 audit(1556287830.458:37): avc:  denied  { map } for  pid=7244 comm="syz-fuzzer" path="/root/syzkaller-shm947246610" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  181.604168] audit: type=1400 audit(1556287830.498:38): avc:  denied  { map } for  pid=7260 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  182.480247] IPVS: ftp: loaded support on port[0] = 21
[  182.807028] chnl_net:caif_netlink_parms(): no params data found
[  182.816969] IPVS: ftp: loaded support on port[0] = 21
[  182.872957] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.879542] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.887358] device bridge_slave_0 entered promiscuous mode
[  182.897033] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.903594] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.911079] device bridge_slave_1 entered promiscuous mode
[  182.938505] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  182.948100] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  182.971779] IPVS: ftp: loaded support on port[0] = 21
[  182.979104] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  182.986719] team0: Port device team_slave_0 added
[  182.995002] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  183.002424] team0: Port device team_slave_1 added
[  183.014140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  183.038552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  183.142244] device hsr_slave_0 entered promiscuous mode
[  183.180378] device hsr_slave_1 entered promiscuous mode
[  183.263661] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  183.272792] chnl_net:caif_netlink_parms(): no params data found
[  183.282068] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  183.340464] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.347352] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.354475] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.360919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.374312] IPVS: ftp: loaded support on port[0] = 21
[  183.385326] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.393649] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.400855] device bridge_slave_0 entered promiscuous mode
[  183.408461] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.415541] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.422972] device bridge_slave_1 entered promiscuous mode
[  183.499198] chnl_net:caif_netlink_parms(): no params data found
[  183.508596] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  183.518146] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  183.567213] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  183.574985] team0: Port device team_slave_0 added
[  183.581521] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  183.588754] team0: Port device team_slave_1 added
[  183.594681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  183.613419] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  183.634958] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.642159] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.649114] IPVS: ftp: loaded support on port[0] = 21
[  183.649887] device bridge_slave_0 entered promiscuous mode
[  183.723437] device hsr_slave_0 entered promiscuous mode
[  183.780582] device hsr_slave_1 entered promiscuous mode
[  183.823984] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  183.831820] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.838624] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.846295] device bridge_slave_1 entered promiscuous mode
[  183.869162] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  183.879182] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  183.893513] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.901077] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.910242] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  183.966240] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  183.973088] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  183.980939] team0: Port device team_slave_0 added
[  184.015488] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  184.022997] team0: Port device team_slave_1 added
[  184.043580] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.053408] IPVS: ftp: loaded support on port[0] = 21
[  184.076249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  184.097041] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  184.121328] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  184.136621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  184.193291] device hsr_slave_0 entered promiscuous mode
[  184.230937] device hsr_slave_1 entered promiscuous mode
[  184.271645] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  184.289085] chnl_net:caif_netlink_parms(): no params data found
[  184.298576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  184.308082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  184.316637] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  184.323296] 8021q: adding VLAN 0 to HW filter on device team0
[  184.329934] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  184.384733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.396214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  184.427445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  184.435610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  184.443589] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.450114] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.457246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  184.465709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  184.473443] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.479916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.495412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  184.532511] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.539018] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.547444] device bridge_slave_0 entered promiscuous mode
[  184.555514] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.562778] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.569885] device bridge_slave_1 entered promiscuous mode
[  184.585932] chnl_net:caif_netlink_parms(): no params data found
[  184.609768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  184.630888] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  184.641257] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  184.649509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  184.661579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  184.685390] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  184.692946] team0: Port device team_slave_0 added
[  184.698748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  184.709502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  184.738561] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  184.746401] team0: Port device team_slave_1 added
[  184.754606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  184.762678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  184.771564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  184.779672] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  184.792087] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.798733] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.806258] device bridge_slave_0 entered promiscuous mode
[  184.814301] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  184.827823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  184.851145] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.857717] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.866905] device bridge_slave_1 entered promiscuous mode
[  184.884333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  184.893021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  184.905942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  184.934855] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.949959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  184.958722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  184.981162] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  184.989544] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  185.032671] device hsr_slave_0 entered promiscuous mode
[  185.070555] device hsr_slave_1 entered promiscuous mode
[  185.113588] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  185.137422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  185.145644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  185.154244] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.164642] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  185.171036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  185.178249] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  185.188452] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  185.212272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  185.219168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  185.226897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  185.236199] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  185.243307] 8021q: adding VLAN 0 to HW filter on device team0
[  185.259486] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.267899] team0: Port device team_slave_0 added
[  185.274438] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.283145] team0: Port device team_slave_1 added
[  185.289649] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  185.297922] chnl_net:caif_netlink_parms(): no params data found
[  185.309857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  185.326935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  185.336476] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  185.362779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  185.371268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  185.378929] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.385494] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.393240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  185.425966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.433961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  185.484270] device hsr_slave_0 entered promiscuous mode
[  185.520692] device hsr_slave_1 entered promiscuous mode
[  185.587131] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  185.598938] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.605492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  185.613882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  185.622562] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.629129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.637752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  185.655403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  185.665746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  185.679328] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.688446] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.695841] device bridge_slave_0 entered promiscuous mode
[  185.704071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.713239] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  185.726028] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  185.734198] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.740778] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.747891] device bridge_slave_1 entered promiscuous mode
[  185.774707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  185.783024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  185.793571] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  185.813887] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  185.823301] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  185.838269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.848388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.856889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  185.863933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  185.871660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  185.880653] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  185.886842] 8021q: adding VLAN 0 to HW filter on device team0
[  185.898765] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.923581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  185.933980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  185.941924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  185.949600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  185.957597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  185.965496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  185.974942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  186.000848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  186.008830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  186.021525] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  186.027851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  186.035408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.043816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.052001] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.058527] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.058960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  186.076598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  186.091968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  186.107437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  186.115971] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  186.124940] team0: Port device team_slave_0 added
[  186.144888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.153318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.161290] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.167751] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.177579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  186.185892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  186.193262] team0: Port device team_slave_1 added
[  186.199185] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  186.209079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  186.216562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  186.227844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  186.239954] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.258867] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  186.265862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  186.277202] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  186.288047] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  186.304423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  186.315266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  186.323937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  186.337323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  186.347103] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.394551] device hsr_slave_0 entered promiscuous mode
[  186.450540] device hsr_slave_1 entered promiscuous mode
[  186.512006] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  186.519891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  186.526726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  186.534798] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  186.542613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  186.549717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  186.559330] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.569309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  186.578274] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  186.588318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  186.602119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
14:10:35 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f00000000c0)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x0)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x42803)

[  186.612518] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  186.620559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  186.646336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  186.655516] 8021q: adding VLAN 0 to HW filter on device team0
[  186.674306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  186.682463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  186.692270] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  186.708151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  186.721769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  186.728781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  186.739475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.753312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.773122] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.779542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.809878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  186.829811] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  186.843571] 8021q: adding VLAN 0 to HW filter on device team0
[  186.854352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  186.863683] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  186.872726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  186.903119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  186.915006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  186.936337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.946590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.957747] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.964372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.982102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
14:10:35 executing program 5:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e0000002b00672de45ae087185082cf0124b0eba06ec42401000000000000140000000000008d0051894dd65b2f", 0x2e}], 0x1}, 0x0)

[  186.998444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.006944] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.013386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.023441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  187.034661] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  187.059636] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  187.075064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.085980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
14:10:36 executing program 0:
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[  187.093545] audit: type=1400 audit(1556287835.978:39): avc:  denied  { create } for  pid=7327 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  187.123107] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'.
[  187.131708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.139619] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.146070] bridge0: port 2(bridge_slave_1) entered forwarding state
14:10:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {0x0, 0x0, 0x4c00}, [@IFLA_MASTER={0x8, 0xd, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x38}}, 0x0)

[  187.160638] audit: type=1400 audit(1556287836.018:40): avc:  denied  { write } for  pid=7327 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  187.199964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  187.211003] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  187.218951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  187.234402] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.246649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  187.250041] hrtimer: interrupt took 40339 ns
14:10:36 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r1, 0x8906, 0x0)
close(r1)

[  187.255732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  187.269671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  187.286472] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
14:10:36 executing program 0:
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[  187.307192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  187.327170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.339810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.352537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  187.382783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  187.391592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  187.398705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.418811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.427764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.436508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.446652] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  187.462376] 8021q: adding VLAN 0 to HW filter on device bond0
14:10:36 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00\x06\"\xce[\x94:\xc1F\xd4\xb7^\v\x1e;\xed\xc1\xe9\xd0<g|)\x90\x10\x897X\xb6\x80\x00'/48, 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='pids.current\x00', 0x0, 0x0)
read$FUSE(r1, 0x0, 0xfd5e)

[  187.479442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  187.488662] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  187.497733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.523166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
14:10:36 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff)

[  187.537093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  187.554887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  187.573932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  187.590884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  187.605203] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  187.618885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  187.632344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  187.641309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  187.649441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  187.659752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  187.679751] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  187.688483] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  187.695920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  187.704680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  187.717563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  187.732995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  187.741341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  187.756885] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  187.763494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  187.774255] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  187.781835] 8021q: adding VLAN 0 to HW filter on device team0
[  187.797451] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  187.807210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  187.857854] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  187.868145] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.881467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  187.889861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
14:10:36 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='c\xb0@oup.e\xcb2\x04\xcc22\xb3kx\x18\xa2vents\a\xfb\xf4M\x161%q\x98E1q \x80\xf0E\xc7\xcf3\xa1Z>\xe5\x05\x90\r\xf4F\xce7\x04\xc0\xa9\xf1T\xc9\xca\xeb\x9a\xf7\xa01\xe8\xeb\r\xec{\x88c\xa2\r\x1a\x00\x9f\x9c\xc2\xc6s\xeaK\xa9f\xd67\xea\xe3\xa5\xfa\xb2Y\xe9DN[{\xf0\x1e\xb5Ly\xe5\xf7\xd9M\xcc\xec\x8a\x85\xea\xb3\x18\xe5,\xb3\xa8D \x88\xd0p@I\xdaz\"\xfal\xa9\xcb\xb1 \x9f+j\xb8$m\"\"a?\xb3\x00\xbc\f\xbb\x16\x8b\xb1ac\x06\xb4\xa2\xe4m`\xe7\xed\x02\xa8E\xcc\x1d\xce\xd7 UO\x17\x9d\xfbu\x19#LD\"\xc6mA\x8d\x9e\x0e\x0f\xcb\x04\xbf\xf6\x1cc\x14\x1dz\f\xf5p\x12D+\xcd\x98\x0f>\xa9\xe3+\b\x97H\'9\xdc\xf5\xf6\xab1\xb3\x960\x10\x1c\xec\xf1\x1b\x90O+HZ0\xe9\x9bL\xa3\x87?\xb2\xed\xb6\x8f\xe9T\x90\xa4\xda\x14\x9f\x95L\xb9\x8c\t\xae\xd1 z\x81\xe6\xba\xc7b\xbb\x7f\xbbY\xa9\xf8\xcc&\xd2[\x18\xf8\x1f\xb7r]\x8c\vp\xca-\xe5R\x17\xf8\xfdS\xc6,o\r.\x8ay\xb0n}\x18\xdf?\x80f^\xe7\x01h\"\x89^[07JV\xa5L\x06\x0ea\xf4jZ\xcf\xe1\x18e\x99Xs\x83\xed_\x0f%\x14\"BXV\xac\x117\x96\xc7\xbe\x88\'\xd5\b\x1e\x193H[>\xa7\xbc\xcd\x87\x96\xabg\"\x9f\xaa\xa3N\x98\x0e2\x1b\xd8\x9aC\x97\xbb\x11\xd7\x8a\xe5\x95\x97\x98cWD\xb8\xf5K\xbb\xeb\xd7\x89\xef\xaf5\xd0\xb9\xe2\xff/1\x05\xf5l\x04\xe3\x06\xab=\x924[>lE\xf3\x9b\xd4\xc9\xe5-\xf1\x93)\xbe\xe0{{\x99\t\x92Z\xfaZ\xfe\xac\xe9\xaf\a>zH\xdaJ\x9e\xd1\x7f\n \xde\xb6>m\xdcG\x83H,\xc1\x14\xcb\xd4 \x15T)-', 0xea02ffe0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0xfffffffffffffffd, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5})
r2 = semget(0x0, 0x0, 0x85)
semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000000280)=""/132)
prctl$PR_GET_FPEXC(0xb, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000140)=0x3, &(0x7f0000000440)=0x1)
write$cgroup_pid(r3, &(0x7f0000000080), 0xfffffe38)
r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x117, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x660c, 0x0)
write$P9_RSTAT(r3, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r1, 0x0)
setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x1)
ioctl$VT_WAITACTIVE(r3, 0x5607)
epoll_pwait(r3, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r4, 0x0)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f})
mkdir(&(0x7f0000000040)='./file0\x00', 0x10)

[  187.903551] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.910259] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.918696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.929098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  187.942182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  187.961993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  187.969902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.987640] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.994282] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.001894] audit: type=1800 audit(1556287836.878:41): pid=7374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=63B0406F75702E65CB3204CC3232B36B7818A276656E747307FBF44D16312571984531712080F045C7CF33A15A3EE505900DF446CE3704C0A9F154C9CAEB9AF7A031E8EB0DEC7B8863A20D1A dev="sda1" ino=16524 res=0
[  188.039094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  188.049572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  188.060513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  188.068187] audit: type=1400 audit(1556287836.898:42): avc:  denied  { read } for  pid=7371 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  188.095640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  188.105624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  188.115941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  188.124686] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  188.137386] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  188.153725] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  188.172696] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  188.192879] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.236505] audit: type=1400 audit(1556287837.128:43): avc:  denied  { map } for  pid=7371 comm="syz-executor.1" path="/dev/loop0" dev="devtmpfs" ino=357 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
[  188.272969] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.281243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  188.294921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  188.350747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  188.358756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  188.366977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.374828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  188.382670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  188.391513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  188.400504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  188.408762] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  188.416162] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  188.583526] audit: type=1400 audit(1556287837.478:44): avc:  denied  { getopt } for  pid=7371 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
14:10:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080))
r2 = syz_open_pts(r1, 0x0)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "7e884838dad904e4a8cdc56fb10d03d8427415"})
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000000))
readv(r2, &(0x7f0000000780)=[{&(0x7f0000000140)=""/142, 0x8e}], 0x1)
dup2(r2, r1)

14:10:38 executing program 5:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
rt_sigqueueinfo(r0, 0x0, 0x0)

14:10:38 executing program 4:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sync_file_range(r0, 0x0, 0x0, 0x0)

14:10:38 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000001000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc4c85512, &(0x7f0000001000))

14:10:38 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f00004de000/0x4000)=nil, 0x4000, 0x0)
munlock(&(0x7f00004df000/0x3000)=nil, 0x3000)

14:10:38 executing program 3:
syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0")

14:10:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r1, &(0x7f0000000000), 0x10)

14:10:38 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x1cd, 0x0)
perf_event_open(&(0x7f0000001000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc4c85512, &(0x7f0000001000))

14:10:38 executing program 3:
syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0")

14:10:38 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0x10000000000000c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000010807601dfffd946fa2830020200a0009000600001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

14:10:38 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg(r0, &(0x7f000000aac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000005d40)=[{0xc, 0x1}], 0xc}}], 0x1, 0x50)

14:10:38 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
open(&(0x7f0000000100)='./file0/file0\x00', 0x3, 0x0)

14:10:38 executing program 2:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)

[  189.869125] audit: type=1400 audit(1556287838.758:45): avc:  denied  { create } for  pid=7439 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
14:10:38 executing program 3:
syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0")

14:10:38 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
socket$unix(0x1, 0x3, 0x0)
pipe(&(0x7f0000000180))
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)

14:10:38 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x7d, 0x0, &(0x7f0000000100))
close(r2)
close(r1)

14:10:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000000c0)="66b80f0000000f23d00f21f86635000000000f23f866b87e13e8ab0f23c80f21f86635000070000f23f80f20590f73d600640f0766b93d0b00000f320fc72cb800008ec82e640f5a4700660f13890000", 0x50}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

14:10:38 executing program 3:
syz_execute_func(0x0)

[  190.033052] audit: type=1400 audit(1556287838.758:46): avc:  denied  { write } for  pid=7439 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
14:10:39 executing program 3:
syz_execute_func(0x0)

14:10:39 executing program 2:
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$binfmt_aout(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000070008100000ee8b08b7960ff7aa6e041c7700fd15873809aa0063b8f24252b1d85cbf000000000038f70f653f0ffb09f0d536b564df5e0a9efd50fe203534da91b5b9fb501e1ac4bfa3841f9d63e232b9b2500fb1d96033ccfdff066428eb74af955568576bc5a15aff94ce45ffd34ef01cb29b1229b421db3bcc3fa1eae6f1b1d0c15b22e6eb0d8608bb83b955cad9e5b56dbb18e65ec595c4b7d0e0f50b0c90abdd35b87bcc8cd0d4a7a4"], 0xb4)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[  190.097857] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
14:10:39 executing program 3:
syz_execute_func(0x0)

[  190.150179] protocol 88fb is buggy, dev hsr_slave_0
[  190.155482] protocol 88fb is buggy, dev hsr_slave_1
14:10:39 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9)
sched_setscheduler(0x0, 0x0, 0x0)
shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0x0, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5})
futex(&(0x7f000000cffc), 0x800000000006, 0x0, 0x0, &(0x7f0000048000), 0x0)
r1 = semget(0x0, 0x0, 0x85)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000280)=""/132)
prctl$PR_GET_FPEXC(0xb, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
clock_gettime(0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0)
write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38)
r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0)
write$P9_RSTAT(r2, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r0, 0x0)
setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)='TRUE', 0x4, 0x1)
ioctl$VT_WAITACTIVE(r2, 0x5607)
syz_open_procfs(0x0, 0x0)
epoll_pwait(r2, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r3, 0x0)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f})

[  190.231015] protocol 88fb is buggy, dev hsr_slave_0
[  190.236222] protocol 88fb is buggy, dev hsr_slave_1
14:10:39 executing program 3:
syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket(0x1e, 0x4, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x84)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0)

[  190.321038] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  190.335681] FAT-fs (loop2): Filesystem has been set read-only
[  190.342838] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 17)
[  190.592219] audit: type=1400 audit(1556287839.488:47): avc:  denied  { map } for  pid=7487 comm="syz-executor.5" path="socket:[27893]" dev="sockfs" ino=27893 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  190.620398] audit: type=1400 audit(1556287839.488:48): avc:  denied  { accept } for  pid=7487 comm="syz-executor.5" path="socket:[27893]" dev="sockfs" ino=27893 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  190.650132] protocol 88fb is buggy, dev hsr_slave_0
[  190.655408] protocol 88fb is buggy, dev hsr_slave_1
14:10:39 executing program 1:
inotify_init1(0x0)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, 0x0)

14:10:39 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x70, 0x0, &(0x7f0000000100))
close(r2)
close(r1)

14:10:39 executing program 2:
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$binfmt_aout(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000070008100000ee8b08b7960ff7aa6e041c7700fd15873809aa0063b8f24252b1d85cbf000000000038f70f653f0ffb09f0d536b564df5e0a9efd50fe203534da91b5b9fb501e1ac4bfa3841f9d63e232b9b2500fb1d96033ccfdff066428eb74af955568576bc5a15aff94ce45ffd34ef01cb29b1229b421db3bcc3fa1eae6f1b1d0c15b22e6eb0d8608bb83b955cad9e5b56dbb18e65ec595c4b7d0e0f50b0c90abdd35b87bcc8cd0d4a7a4"], 0xb4)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[  190.818165] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  190.826955] FAT-fs (loop2): Filesystem has been set read-only
[  190.842235] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 17)
14:10:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c)

14:10:39 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9)
sched_setscheduler(0x0, 0x0, 0x0)
shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0x0, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5})
futex(&(0x7f000000cffc), 0x800000000006, 0x0, 0x0, &(0x7f0000048000), 0x0)
r1 = semget(0x0, 0x0, 0x85)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000280)=""/132)
prctl$PR_GET_FPEXC(0xb, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
clock_gettime(0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0)
write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38)
r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0)
write$P9_RSTAT(r2, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r0, 0x0)
setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)='TRUE', 0x4, 0x1)
ioctl$VT_WAITACTIVE(r2, 0x5607)
syz_open_procfs(0x0, 0x0)
epoll_pwait(r2, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r3, 0x0)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f})

14:10:39 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0x10000000000000c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000010807681dfffd946fa2830020200a0009000600001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

14:10:39 executing program 2:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = getpid()
sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000200)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[  190.870324] protocol 88fb is buggy, dev hsr_slave_0
[  190.875432] protocol 88fb is buggy, dev hsr_slave_1
[  190.904974] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
14:10:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c)

14:10:39 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
r2 = memfd_create(&(0x7f0000000080)='dev ', 0x0)
write(r2, &(0x7f0000000040)="16", 0x1)
sendfile(r1, r2, &(0x7f0000000000), 0x1)
dup2(r2, r1)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x1000000000013)

14:10:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c)

14:10:40 executing program 0:

14:10:40 executing program 3:
syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket(0x1e, 0x4, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x84)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0)

14:10:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c)

14:10:40 executing program 1:

14:10:40 executing program 0:

14:10:40 executing program 5:

14:10:40 executing program 5:

14:10:40 executing program 4:

[  191.830238] protocol 88fb is buggy, dev hsr_slave_0
[  191.835383] protocol 88fb is buggy, dev hsr_slave_1
[  191.890174] IPVS: ftp: loaded support on port[0] = 21
14:10:41 executing program 2:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = getpid()
sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000200)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

14:10:41 executing program 0:

14:10:41 executing program 1:

14:10:41 executing program 5:

14:10:41 executing program 4:

14:10:41 executing program 1:

14:10:41 executing program 0:

14:10:41 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ceph(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0)

14:10:41 executing program 3:

14:10:41 executing program 5:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)
syz_open_procfs(0x0, 0x0)

14:10:41 executing program 3:

14:10:41 executing program 1:

14:10:41 executing program 2:

14:10:41 executing program 0:

14:10:41 executing program 1:

14:10:41 executing program 3:

14:10:41 executing program 4:

14:10:41 executing program 5:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)
syz_open_procfs(0x0, 0x0)

14:10:41 executing program 0:

14:10:41 executing program 2:

14:10:42 executing program 1:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")

14:10:42 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000180)=""/11, 0x8c0d351c)
accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200))
r1 = dup2(r0, r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000080), 0x1c)
r3 = dup2(r2, r2)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
sendto$unix(r3, 0x0, 0x0, 0x8000000020003ffc, &(0x7f0000000280)=@abs={0x1}, 0x6e)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000100))

14:10:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800)
syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00")

14:10:42 executing program 0:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)

14:10:42 executing program 2:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio\x00', 0x0, 0x0)
close(r1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0})
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)=ANY=[])
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000100)={0x0, r1})

[  193.254468] ldm_validate_privheads(): Disk read failed.
[  193.282791]  loop1: p1 p2 p3 p4
14:10:42 executing program 0:
sysinfo(&(0x7f0000000000)=""/22)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2})
sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8})
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800)
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags})

14:10:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800)
syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00")

[  193.305835] loop1: partition table partially beyond EOD, truncated
[  193.348909] loop1: p1 start 1 is beyond EOD, truncated
14:10:42 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0)
syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00")

[  193.375240] loop1: p2 start 101 is beyond EOD, truncated
[  193.402452] loop1: p3 start 201 is beyond EOD, truncated
[  193.426192] loop1: p4 start 301 is beyond EOD, truncated
14:10:42 executing program 1:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")

14:10:42 executing program 5:
r0 = open(&(0x7f0000000080)='./file0\x00', 0x8040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = open(&(0x7f00000007c0)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
fcntl$setlease(r1, 0x400, 0x2)

[  193.601066] ldm_validate_privheads(): Disk read failed.
[  193.606628]  loop1: p1 p2 p3 p4
[  193.622444] loop1: partition table partially beyond EOD, truncated
[  193.655299] loop1: p1 start 1 is beyond EOD, truncated
14:10:42 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x0, &(0x7f0000000100)={0x77359400})

14:10:42 executing program 0:
sysinfo(&(0x7f0000000000)=""/22)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2})
sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8})
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800)
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags})

14:10:42 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108)
syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00')
sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
socket$packet(0x11, 0x800000002, 0x300)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)
timer_gettime(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

[  193.686699] loop1: p2 start 101 is beyond EOD, truncated
[  193.711175] loop1: p3 start 201 is beyond EOD, truncated
[  193.716841] loop1: p4 start 301 is beyond EOD, truncated
14:10:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x8}]}}}]}, 0x3c}}, 0x0)

14:10:43 executing program 0:
sysinfo(&(0x7f0000000000)=""/22)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2})
sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8})
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800)
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags})

14:10:43 executing program 5:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
sendto$inet6(r0, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0)

14:10:43 executing program 1:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")

14:10:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x0, &(0x7f0000000100)={0x77359400})

14:10:43 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108)
syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00')
sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
socket$packet(0x11, 0x800000002, 0x300)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)
timer_gettime(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

14:10:43 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[], 0x0, 0x280})
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000))
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

14:10:43 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108)
syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00')
sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
socket$packet(0x11, 0x800000002, 0x300)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)
timer_gettime(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

[  194.251831] ldm_validate_privheads(): Disk read failed.
[  194.257325]  loop1: p1 p2 p3 p4
[  194.285458] loop1: partition table partially beyond EOD, truncated
[  194.316630] loop1: p1 start 1 is beyond EOD, truncated
14:10:43 executing program 3:
socket$netlink(0x10, 0x3, 0x0)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x9010000000000084)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = accept4(r0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001580)='cpu.stat\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x1f4, 0x0, 0x0, 0x54}, 0x98)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000400))

[  194.354250] loop1: p2 start 101 is beyond EOD, truncated
[  194.384568] loop1: p3 start 201 is beyond EOD, truncated
14:10:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x0, 0x1})

[  194.440923] loop1: p4 start 301 is beyond EOD, truncated
14:10:43 executing program 0:
sysinfo(&(0x7f0000000000)=""/22)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2})
sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8})
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800)
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags})

14:10:43 executing program 4:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio\x00', 0x0, 0x0)
close(r1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0})
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x2, 0x0, [{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}]})
write$vnet(r0, &(0x7f00000004c0)={0x1, {0x0, 0x0, &(0x7f0000000280)=""/118, 0x3, 0x2}}, 0x68)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000100)={0x0, r1})

14:10:43 executing program 1:
syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}])
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")

14:10:43 executing program 0:
sysinfo(&(0x7f0000000000)=""/22)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2})
sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8})
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags})

14:10:43 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108)
syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00')
sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
socket$packet(0x11, 0x800000002, 0x300)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)
timer_gettime(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

14:10:43 executing program 3:
syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket(0x1e, 0x4, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x84)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0)

14:10:43 executing program 5:
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r1 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r1, &(0x7f00000046c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
tkill(r0, 0x1000000000016)
sendmsg$key(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)={0x2, 0xf, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

14:10:43 executing program 4:

[  427.990493] INFO: task syz-executor.0:7264 blocked for more than 140 seconds.
[  427.998103]       Not tainted 4.14.113 #3
[  428.002564] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.010955] syz-executor.0  D24768  7264      1 0x00000004
[  428.016693] Call Trace:
[  428.019385]  __schedule+0x7be/0x1cf0
[  428.023354]  ? __mutex_lock+0x737/0x1470
[  428.027575]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.032950]  schedule+0x92/0x1c0
[  428.036442]  schedule_preempt_disabled+0x13/0x20
[  428.041667]  __mutex_lock+0x73c/0x1470
[  428.045566]  ? trace_hardirqs_on+0x10/0x10
[  428.050206]  ? lo_release+0x84/0x1b0
[  428.054079]  ? save_trace+0x280/0x290
[  428.058005]  ? mutex_trylock+0x1c0/0x1c0
[  428.062286]  ? __blkdev_put+0x397/0x7f0
[  428.066513]  ? find_held_lock+0x35/0x130
[  428.070978]  ? __blkdev_put+0x397/0x7f0
[  428.074972]  ? loop_clr_fd+0xae0/0xae0
[  428.078944]  mutex_lock_nested+0x16/0x20
[  428.083275]  ? mutex_lock_nested+0x16/0x20
[  428.087707]  lo_release+0x84/0x1b0
[  428.091321]  ? loop_clr_fd+0xae0/0xae0
[  428.095386]  __blkdev_put+0x436/0x7f0
[  428.099295]  ? bd_set_size+0xb0/0xb0
[  428.103082]  ? wait_for_completion+0x420/0x420
[  428.107802]  blkdev_put+0x88/0x510
[  428.111426]  ? fcntl_setlk+0xb90/0xb90
[  428.115584]  ? blkdev_put+0x510/0x510
[  428.119532]  blkdev_close+0x8b/0xb0
[  428.123535]  __fput+0x277/0x7a0
[  428.126890]  ____fput+0x16/0x20
[  428.130251]  task_work_run+0x119/0x190
[  428.134363]  exit_to_usermode_loop+0x1da/0x220
[  428.139105]  do_syscall_64+0x4a9/0x630
[  428.143182]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.148029]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.153446] RIP: 0033:0x412b40
[  428.156645] RSP: 002b:00007ffe9dd5e9e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  428.164540] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000412b40
[  428.172367] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[  428.179648] RBP: 0000000000000037 R08: 0000000000000000 R09: 000000000000000a
[  428.187169] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.194624] R13: 00007ffe9dd5ea20 R14: 000000000002f7fc R15: 00007ffe9dd5ea30
[  428.201987] INFO: task syz-executor.5:7267 blocked for more than 140 seconds.
[  428.209503]       Not tainted 4.14.113 #3
[  428.213880] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.222411] syz-executor.5  D24992  7267      1 0x00000004
[  428.228169] Call Trace:
[  428.230916]  __schedule+0x7be/0x1cf0
[  428.235165]  ? __mutex_lock+0x737/0x1470
[  428.239355]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.244627]  schedule+0x92/0x1c0
[  428.247986]  schedule_preempt_disabled+0x13/0x20
[  428.252997]  __mutex_lock+0x73c/0x1470
[  428.256887]  ? trace_hardirqs_on+0x10/0x10
[  428.261346]  ? lo_open+0x1d/0xb0
[  428.264800]  ? refcount_inc_not_zero+0x50/0xe0
[  428.269372]  ? mutex_trylock+0x1c0/0x1c0
[  428.273665]  ? find_held_lock+0x35/0x130
[  428.277979]  ? disk_get_part+0x9c/0x140
[  428.282151]  ? lock_downgrade+0x6e0/0x6e0
[  428.286317]  ? loop_unregister_transfer+0x90/0x90
[  428.291584]  mutex_lock_nested+0x16/0x20
[  428.295643]  ? mutex_lock_nested+0x16/0x20
[  428.299861]  lo_open+0x1d/0xb0
[  428.303788]  __blkdev_get+0x2c9/0x1120
[  428.307682]  ? __blkdev_put+0x7f0/0x7f0
[  428.312011]  ? bd_acquire+0x178/0x2c0
[  428.316053]  ? find_held_lock+0x35/0x130
[  428.320163]  blkdev_get+0xa8/0x8e0
[  428.324061]  ? bd_may_claim+0xd0/0xd0
[  428.327865]  ? _raw_spin_unlock+0x2d/0x50
[  428.332069]  blkdev_open+0x1d1/0x260
[  428.336065]  ? security_file_open+0x8f/0x1a0
[  428.340546]  do_dentry_open+0x73e/0xeb0
[  428.344782]  ? bd_acquire+0x2c0/0x2c0
[  428.348827]  vfs_open+0x105/0x230
[  428.352469]  path_openat+0x8bd/0x3f70
[  428.356390]  ? trace_hardirqs_on+0x10/0x10
[  428.361010]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  428.365808]  ? find_held_lock+0x35/0x130
[  428.370015]  ? __alloc_fd+0x1d4/0x4a0
[  428.374020]  do_filp_open+0x18e/0x250
[  428.377832]  ? may_open_dev+0xe0/0xe0
[  428.381895]  ? _raw_spin_unlock+0x2d/0x50
[  428.386047]  ? __alloc_fd+0x1d4/0x4a0
[  428.389897]  do_sys_open+0x2c5/0x430
[  428.393684]  ? filp_open+0x70/0x70
[  428.397218]  SyS_open+0x2d/0x40
[  428.400681]  ? do_sys_open+0x430/0x430
[  428.404575]  do_syscall_64+0x1eb/0x630
[  428.408448]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.413371]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.418558] RIP: 0033:0x412d20
[  428.421803] RSP: 002b:00007fff56fc1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  428.429899] RAX: ffffffffffffffda RBX: 000000000002f868 RCX: 0000000000412d20
[  428.437729] RDX: 00007fff56fc204a RSI: 0000000000000002 RDI: 00007fff56fc2040
[  428.445309] RBP: 0000000000000037 R08: 0000000000000000 R09: 000000000000000a
[  428.452937] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.460414] R13: 00007fff56fc1ff0 R14: 000000000002f7bd R15: 00007fff56fc2000
[  428.468037] INFO: task syz-executor.2:7269 blocked for more than 140 seconds.
[  428.475444]       Not tainted 4.14.113 #3
[  428.479745] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.487934] syz-executor.2  D24992  7269      1 0x00000004
[  428.493676] Call Trace:
[  428.496549]  __schedule+0x7be/0x1cf0
[  428.500319]  ? __mutex_lock+0x737/0x1470
[  428.504446]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.509480]  schedule+0x92/0x1c0
[  428.513146]  schedule_preempt_disabled+0x13/0x20
[  428.518045]  __mutex_lock+0x73c/0x1470
[  428.522108]  ? trace_hardirqs_on+0x10/0x10
[  428.526493]  ? lo_open+0x1d/0xb0
[  428.529956]  ? refcount_inc_not_zero+0x50/0xe0
[  428.534739]  ? mutex_trylock+0x1c0/0x1c0
[  428.539109]  ? find_held_lock+0x35/0x130
[  428.543241]  ? disk_get_part+0x9c/0x140
[  428.547386]  ? lock_downgrade+0x6e0/0x6e0
[  428.551645]  ? loop_unregister_transfer+0x90/0x90
[  428.556497]  mutex_lock_nested+0x16/0x20
[  428.561050]  ? mutex_lock_nested+0x16/0x20
[  428.565284]  lo_open+0x1d/0xb0
[  428.568464]  __blkdev_get+0x2c9/0x1120
[  428.572437]  ? __blkdev_put+0x7f0/0x7f0
[  428.576743]  ? bd_acquire+0x178/0x2c0
[  428.580613]  ? find_held_lock+0x35/0x130
[  428.584686]  blkdev_get+0xa8/0x8e0
[  428.588406]  ? bd_may_claim+0xd0/0xd0
[  428.592274]  ? _raw_spin_unlock+0x2d/0x50
[  428.596419]  blkdev_open+0x1d1/0x260
[  428.600414]  ? security_file_open+0x8f/0x1a0
[  428.604865]  do_dentry_open+0x73e/0xeb0
[  428.608875]  ? bd_acquire+0x2c0/0x2c0
[  428.612747]  vfs_open+0x105/0x230
[  428.616197]  path_openat+0x8bd/0x3f70
[  428.619992]  ? trace_hardirqs_on+0x10/0x10
[  428.624532]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  428.629209]  ? find_held_lock+0x35/0x130
[  428.633572]  ? __alloc_fd+0x1d4/0x4a0
[  428.637618]  do_filp_open+0x18e/0x250
[  428.641520]  ? may_open_dev+0xe0/0xe0
[  428.645334]  ? _raw_spin_unlock+0x2d/0x50
[  428.649595]  ? __alloc_fd+0x1d4/0x4a0
[  428.653634]  do_sys_open+0x2c5/0x430
[  428.657365]  ? filp_open+0x70/0x70
[  428.661194]  SyS_open+0x2d/0x40
[  428.664627]  ? do_sys_open+0x430/0x430
[  428.668727]  do_syscall_64+0x1eb/0x630
[  428.672911]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.677997]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.683270] RIP: 0033:0x412d20
[  428.686468] RSP: 002b:00007ffcb6e07398 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  428.694993] RAX: ffffffffffffffda RBX: 000000000002f860 RCX: 0000000000412d20
[  428.702444] RDX: 00007ffcb6e0742a RSI: 0000000000000002 RDI: 00007ffcb6e07420
[  428.709779] RBP: 000000000000002d R08: 0000000000000000 R09: 000000000000000a
[  428.717243] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.725006] R13: 00007ffcb6e073d0 R14: 000000000002f7c8 R15: 00007ffcb6e073e0
[  428.732893] INFO: task syz-executor.3:7270 blocked for more than 140 seconds.
[  428.740237]       Not tainted 4.14.113 #3
[  428.744390] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  428.752580] syz-executor.3  D25168  7270      1 0x00000004
[  428.758329] Call Trace:
[  428.760987]  __schedule+0x7be/0x1cf0
[  428.764719]  ? __mutex_lock+0x737/0x1470
[  428.768871]  ? pci_mmcfg_check_reserved+0x150/0x150
[  428.773967]  schedule+0x92/0x1c0
[  428.777384]  schedule_preempt_disabled+0x13/0x20
[  428.782326]  __mutex_lock+0x73c/0x1470
[  428.786235]  ? trace_hardirqs_on+0x10/0x10
[  428.790747]  ? lo_open+0x1d/0xb0
[  428.794215]  ? refcount_inc_not_zero+0x50/0xe0
[  428.799001]  ? mutex_trylock+0x1c0/0x1c0
[  428.803140]  ? find_held_lock+0x35/0x130
[  428.807334]  ? disk_get_part+0x9c/0x140
[  428.811679]  ? lock_downgrade+0x6e0/0x6e0
[  428.815842]  ? loop_unregister_transfer+0x90/0x90
[  428.821395]  mutex_lock_nested+0x16/0x20
[  428.825467]  ? mutex_lock_nested+0x16/0x20
[  428.829700]  lo_open+0x1d/0xb0
[  428.832955]  __blkdev_get+0x2c9/0x1120
[  428.836943]  ? __blkdev_put+0x7f0/0x7f0
[  428.840970]  ? bd_acquire+0x178/0x2c0
[  428.844812]  ? find_held_lock+0x35/0x130
[  428.849108]  blkdev_get+0xa8/0x8e0
[  428.853123]  ? bd_may_claim+0xd0/0xd0
[  428.857004]  ? _raw_spin_unlock+0x2d/0x50
[  428.861373]  blkdev_open+0x1d1/0x260
[  428.865112]  ? security_file_open+0x8f/0x1a0
[  428.869615]  do_dentry_open+0x73e/0xeb0
[  428.873668]  ? bd_acquire+0x2c0/0x2c0
[  428.877497]  vfs_open+0x105/0x230
[  428.881021]  path_openat+0x8bd/0x3f70
[  428.884840]  ? trace_hardirqs_on+0x10/0x10
[  428.889135]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  428.894181]  ? find_held_lock+0x35/0x130
[  428.898352]  ? __alloc_fd+0x1d4/0x4a0
[  428.902244]  do_filp_open+0x18e/0x250
[  428.906280]  ? may_open_dev+0xe0/0xe0
[  428.910569]  ? _raw_spin_unlock+0x2d/0x50
[  428.915243]  ? __alloc_fd+0x1d4/0x4a0
[  428.919184]  do_sys_open+0x2c5/0x430
[  428.923002]  ? filp_open+0x70/0x70
[  428.926643]  SyS_open+0x2d/0x40
[  428.930240]  ? do_sys_open+0x430/0x430
[  428.934262]  do_syscall_64+0x1eb/0x630
[  428.938163]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  428.943330]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  428.948704] RIP: 0033:0x412d20
[  428.952945] RSP: 002b:00007fffc8b96688 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  428.960918] RAX: ffffffffffffffda RBX: 000000000002f8aa RCX: 0000000000412d20
[  428.968380] RDX: 00007fffc8b9671a RSI: 0000000000000002 RDI: 00007fffc8b96710
[  428.975836] RBP: 0000000000000027 R08: 0000000000000000 R09: 000000000000000a
[  428.983166] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  428.990881] R13: 00007fffc8b966c0 R14: 000000000002f7c0 R15: 00007fffc8b966d0
[  428.998419] INFO: task syz-executor.4:7271 blocked for more than 140 seconds.
[  429.006346]       Not tainted 4.14.113 #3
[  429.010806] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.018978] syz-executor.4  D25232  7271      1 0x00000004
[  429.024687] Call Trace:
[  429.027703]  __schedule+0x7be/0x1cf0
[  429.031654]  ? __mutex_lock+0x737/0x1470
[  429.036032]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.041215]  schedule+0x92/0x1c0
[  429.044603]  schedule_preempt_disabled+0x13/0x20
[  429.049360]  __mutex_lock+0x73c/0x1470
[  429.053418]  ? __mutex_unlock_slowpath+0x71/0x800
[  429.058277]  ? __blkdev_get+0x145/0x1120
[  429.062404]  ? mutex_trylock+0x1c0/0x1c0
[  429.066475]  ? exact_match+0xd/0x20
[  429.070216]  ? kobj_lookup+0x319/0x410
[  429.074115]  ? blkdev_ioctl+0x1880/0x1880
[  429.078262]  mutex_lock_nested+0x16/0x20
[  429.083228]  ? mutex_lock_nested+0x16/0x20
[  429.087475]  __blkdev_get+0x145/0x1120
[  429.091603]  ? __blkdev_put+0x7f0/0x7f0
[  429.095744]  ? bd_acquire+0x178/0x2c0
[  429.099585]  ? find_held_lock+0x35/0x130
[  429.103814]  blkdev_get+0xa8/0x8e0
[  429.107372]  ? bd_may_claim+0xd0/0xd0
[  429.111758]  ? _raw_spin_unlock+0x2d/0x50
[  429.116084]  blkdev_open+0x1d1/0x260
[  429.119963]  ? security_file_open+0x8f/0x1a0
[  429.124451]  do_dentry_open+0x73e/0xeb0
[  429.128619]  ? bd_acquire+0x2c0/0x2c0
[  429.132656]  vfs_open+0x105/0x230
[  429.136128]  path_openat+0x8bd/0x3f70
[  429.140116]  ? trace_hardirqs_on+0x10/0x10
[  429.144378]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  429.149168]  ? find_held_lock+0x35/0x130
[  429.153390]  ? __alloc_fd+0x1d4/0x4a0
[  429.158783]  do_filp_open+0x18e/0x250
[  429.162646]  ? may_open_dev+0xe0/0xe0
[  429.166515]  ? _raw_spin_unlock+0x2d/0x50
[  429.170725]  ? __alloc_fd+0x1d4/0x4a0
[  429.174540]  do_sys_open+0x2c5/0x430
[  429.178357]  ? filp_open+0x70/0x70
[  429.181964]  SyS_open+0x2d/0x40
[  429.185249]  ? do_sys_open+0x430/0x430
[  429.189134]  do_syscall_64+0x1eb/0x630
[  429.193318]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.198457]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.203833] RIP: 0033:0x412d20
[  429.207026] RSP: 002b:00007fff1dedda18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  429.215323] RAX: ffffffffffffffda RBX: 000000000002f897 RCX: 0000000000412d20
[  429.223082] RDX: 00007fff1deddaaa RSI: 0000000000000002 RDI: 00007fff1deddaa0
[  429.230506] RBP: 000000000000002b R08: 0000000000000000 R09: 000000000000000a
[  429.237830] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  429.245435] R13: 00007fff1dedda50 R14: 000000000002f837 R15: 00007fff1dedda60
[  429.252755] INFO: task blkid:7728 blocked for more than 140 seconds.
[  429.259240]       Not tainted 4.14.113 #3
[  429.263440] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.271684] blkid           D28880  7728   7442 0x00000004
[  429.277313] Call Trace:
[  429.280020]  __schedule+0x7be/0x1cf0
[  429.283807]  ? __mutex_lock+0x737/0x1470
[  429.287987]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.293221]  schedule+0x92/0x1c0
[  429.296604]  schedule_preempt_disabled+0x13/0x20
[  429.301418]  __mutex_lock+0x73c/0x1470
[  429.305306]  ? trace_hardirqs_on+0x10/0x10
[  429.309627]  ? lo_open+0x1d/0xb0
[  429.313044]  ? refcount_inc_not_zero+0x50/0xe0
[  429.317950]  ? mutex_trylock+0x1c0/0x1c0
[  429.322063]  ? find_held_lock+0x35/0x130
[  429.326287]  ? disk_get_part+0x9c/0x140
[  429.330346]  ? lock_downgrade+0x6e0/0x6e0
[  429.334520]  ? loop_unregister_transfer+0x90/0x90
[  429.339480]  mutex_lock_nested+0x16/0x20
[  429.344354]  ? mutex_lock_nested+0x16/0x20
[  429.348762]  lo_open+0x1d/0xb0
[  429.352056]  __blkdev_get+0x2c9/0x1120
[  429.355968]  ? __blkdev_put+0x7f0/0x7f0
[  429.360100]  ? bd_acquire+0x178/0x2c0
[  429.363916]  ? find_held_lock+0x35/0x130
[  429.367985]  blkdev_get+0xa8/0x8e0
[  429.371589]  ? bd_may_claim+0xd0/0xd0
[  429.375506]  ? _raw_spin_unlock+0x2d/0x50
[  429.379716]  blkdev_open+0x1d1/0x260
[  429.383495]  ? security_file_open+0x8f/0x1a0
[  429.388139]  do_dentry_open+0x73e/0xeb0
[  429.392167]  ? bd_acquire+0x2c0/0x2c0
[  429.395981]  vfs_open+0x105/0x230
[  429.399429]  path_openat+0x8bd/0x3f70
[  429.403288]  ? trace_hardirqs_on+0x10/0x10
[  429.407541]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  429.412261]  ? find_held_lock+0x35/0x130
[  429.416336]  ? __alloc_fd+0x1d4/0x4a0
[  429.420327]  do_filp_open+0x18e/0x250
[  429.424135]  ? may_open_dev+0xe0/0xe0
[  429.427983]  ? _raw_spin_unlock+0x2d/0x50
[  429.432303]  ? __alloc_fd+0x1d4/0x4a0
[  429.436139]  do_sys_open+0x2c5/0x430
[  429.439880]  ? filp_open+0x70/0x70
[  429.443577]  SyS_open+0x2d/0x40
[  429.446867]  ? do_sys_open+0x430/0x430
[  429.450799]  do_syscall_64+0x1eb/0x630
[  429.454699]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.459538]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.464816] RIP: 0033:0x7fc7190f4120
[  429.468524] RSP: 002b:00007ffc05258258 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  429.476874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc7190f4120
[  429.484189] RDX: 00007ffc05259f34 RSI: 0000000000000000 RDI: 00007ffc05259f34
[  429.491766] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000
[  429.499041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000016c0030
[  429.506673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[  429.514158] INFO: task syz-executor.1:7736 blocked for more than 140 seconds.
[  429.521707]       Not tainted 4.14.113 #3
[  429.525892] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.534074] syz-executor.1  D29264  7736   7268 0x00000004
[  429.539732] Call Trace:
[  429.542394]  __schedule+0x7be/0x1cf0
[  429.546296]  ? __mutex_lock+0x737/0x1470
[  429.550421]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.555455]  schedule+0x92/0x1c0
[  429.558830]  schedule_preempt_disabled+0x13/0x20
[  429.563857]  __mutex_lock+0x73c/0x1470
[  429.568078]  ? blkdev_reread_part+0x1f/0x40
[  429.572473]  ? mutex_trylock+0x1c0/0x1c0
[  429.576762]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  429.582017]  ? __wake_up_common_lock+0xe3/0x160
[  429.586696]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  429.591992]  mutex_lock_nested+0x16/0x20
[  429.596060]  ? mutex_lock_nested+0x16/0x20
[  429.601239]  blkdev_reread_part+0x1f/0x40
[  429.605398]  loop_reread_partitions+0x7c/0x90
[  429.609893]  loop_set_status+0xc28/0x1200
[  429.614250]  loop_set_status64+0xa6/0xf0
[  429.618318]  ? loop_set_status_old+0x2d0/0x2d0
[  429.622994]  lo_ioctl+0x5c1/0x1c70
[  429.626709]  ? loop_probe+0x160/0x160
[  429.630842]  blkdev_ioctl+0x983/0x1880
[  429.634859]  ? blkpg_ioctl+0x980/0x980
[  429.638773]  ? __might_sleep+0x93/0xb0
[  429.642737]  ? __fget+0x210/0x370
[  429.646323]  block_ioctl+0xde/0x120
[  429.649949]  ? blkdev_fallocate+0x3b0/0x3b0
[  429.654383]  do_vfs_ioctl+0x7b9/0x1070
[  429.658387]  ? selinux_file_mprotect+0x5d0/0x5d0
[  429.663194]  ? lock_downgrade+0x6e0/0x6e0
[  429.667354]  ? ioctl_preallocate+0x1c0/0x1c0
[  429.672129]  ? __fget+0x237/0x370
[  429.675747]  ? security_file_ioctl+0x8f/0xc0
[  429.680342]  SyS_ioctl+0x8f/0xc0
[  429.683725]  ? do_vfs_ioctl+0x1070/0x1070
[  429.687878]  do_syscall_64+0x1eb/0x630
[  429.692004]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.696922]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.702299] RIP: 0033:0x458c17
[  429.705718] RSP: 002b:00007f6efc8509f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  429.713844] RAX: ffffffffffffffda RBX: 00007f6efc8516d4 RCX: 0000000000458c17
[  429.721462] RDX: 00007f6efc850ab0 RSI: 0000000000004c04 RDI: 0000000000000004
[  429.728755] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a
[  429.736797] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000003
[  429.744399] R13: 0000000000000003 R14: 0000000000000004 R15: 00000000ffffffff
[  429.752204] INFO: task blkid:7739 blocked for more than 140 seconds.
[  429.759572]       Not tainted 4.14.113 #3
[  429.763861] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.772154] blkid           D28880  7739   7230 0x00000004
[  429.777798] Call Trace:
[  429.780465]  __schedule+0x7be/0x1cf0
[  429.784204]  ? __mutex_lock+0x737/0x1470
[  429.788517]  ? pci_mmcfg_check_reserved+0x150/0x150
[  429.793970]  schedule+0x92/0x1c0
[  429.797585]  schedule_preempt_disabled+0x13/0x20
[  429.802551]  __mutex_lock+0x73c/0x1470
[  429.806494]  ? lo_open+0x1d/0xb0
[  429.809927]  ? refcount_inc_not_zero+0x50/0xe0
[  429.814632]  ? mutex_trylock+0x1c0/0x1c0
[  429.818856]  ? exact_match+0xd/0x20
[  429.822597]  ? kobj_lookup+0x319/0x410
[  429.826574]  ? loop_unregister_transfer+0x90/0x90
[  429.831832]  mutex_lock_nested+0x16/0x20
[  429.835925]  ? mutex_lock_nested+0x16/0x20
[  429.840328]  lo_open+0x1d/0xb0
[  429.843550]  __blkdev_get+0xab1/0x1120
[  429.847551]  ? __blkdev_put+0x7f0/0x7f0
[  429.851659]  ? bd_acquire+0x178/0x2c0
[  429.855472]  ? find_held_lock+0x35/0x130
[  429.859706]  blkdev_get+0xa8/0x8e0
[  429.863971]  ? bd_may_claim+0xd0/0xd0
[  429.868287]  ? _raw_spin_unlock+0x2d/0x50
[  429.872526]  blkdev_open+0x1d1/0x260
[  429.876286]  ? security_file_open+0x8f/0x1a0
[  429.880758]  do_dentry_open+0x73e/0xeb0
[  429.884747]  ? bd_acquire+0x2c0/0x2c0
[  429.888541]  vfs_open+0x105/0x230
[  429.892044]  path_openat+0x8bd/0x3f70
[  429.895855]  ? trace_hardirqs_on+0x10/0x10
[  429.900146]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  429.904823]  ? find_held_lock+0x35/0x130
[  429.908985]  ? __alloc_fd+0x1d4/0x4a0
[  429.912856]  do_filp_open+0x18e/0x250
[  429.916667]  ? may_open_dev+0xe0/0xe0
[  429.920545]  ? _raw_spin_unlock+0x2d/0x50
[  429.924699]  ? __alloc_fd+0x1d4/0x4a0
[  429.928611]  do_sys_open+0x2c5/0x430
[  429.932384]  ? filp_open+0x70/0x70
[  429.936020]  SyS_open+0x2d/0x40
[  429.939282]  ? do_sys_open+0x430/0x430
[  429.943244]  do_syscall_64+0x1eb/0x630
[  429.947134]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  429.952033]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  429.957258] RIP: 0033:0x7fd18a82c120
[  429.961222] RSP: 002b:00007ffea14bd0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  429.969065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd18a82c120
[  429.976427] RDX: 00007ffea14bef41 RSI: 0000000000000000 RDI: 00007ffea14bef41
[  429.984189] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000
[  429.992113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001617030
[  429.999411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[  430.006766] INFO: task blkid:7740 blocked for more than 140 seconds.
[  430.013315]       Not tainted 4.14.113 #3
[  430.017462] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  430.025586] blkid           D28880  7740   7231 0x00000004
[  430.031269] Call Trace:
[  430.033966]  __schedule+0x7be/0x1cf0
[  430.037910]  ? __mutex_lock+0x737/0x1470
[  430.042045]  ? pci_mmcfg_check_reserved+0x150/0x150
[  430.047074]  schedule+0x92/0x1c0
[  430.050476]  schedule_preempt_disabled+0x13/0x20
[  430.055350]  __mutex_lock+0x73c/0x1470
[  430.059226]  ? __mutex_unlock_slowpath+0x71/0x800
[  430.064135]  ? __blkdev_get+0x145/0x1120
[  430.068213]  ? mutex_trylock+0x1c0/0x1c0
[  430.072416]  ? exact_match+0xd/0x20
[  430.076052]  ? kobj_lookup+0x319/0x410
[  430.079937]  ? blkdev_ioctl+0x1880/0x1880
[  430.084147]  mutex_lock_nested+0x16/0x20
[  430.088212]  ? mutex_lock_nested+0x16/0x20
[  430.092501]  __blkdev_get+0x145/0x1120
[  430.096400]  ? __blkdev_put+0x7f0/0x7f0
[  430.100518]  ? bd_acquire+0x178/0x2c0
[  430.104424]  ? find_held_lock+0x35/0x130
[  430.108497]  blkdev_get+0xa8/0x8e0
[  430.112224]  ? bd_may_claim+0xd0/0xd0
[  430.116052]  ? _raw_spin_unlock+0x2d/0x50
[  430.121052]  blkdev_open+0x1d1/0x260
[  430.124774]  ? security_file_open+0x8f/0x1a0
[  430.129169]  do_dentry_open+0x73e/0xeb0
[  430.133203]  ? bd_acquire+0x2c0/0x2c0
[  430.137052]  vfs_open+0x105/0x230
[  430.140574]  path_openat+0x8bd/0x3f70
[  430.144627]  ? trace_hardirqs_on+0x10/0x10
[  430.148885]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  430.153806]  ? find_held_lock+0x35/0x130
[  430.158070]  ? __alloc_fd+0x1d4/0x4a0
[  430.161939]  do_filp_open+0x18e/0x250
[  430.165747]  ? may_open_dev+0xe0/0xe0
[  430.169540]  ? _raw_spin_unlock+0x2d/0x50
[  430.173781]  ? __alloc_fd+0x1d4/0x4a0
[  430.177609]  do_sys_open+0x2c5/0x430
[  430.181380]  ? filp_open+0x70/0x70
[  430.184944]  SyS_open+0x2d/0x40
[  430.188210]  ? do_sys_open+0x430/0x430
[  430.192151]  do_syscall_64+0x1eb/0x630
[  430.196044]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  430.200986]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  430.206182] RIP: 0033:0x7f07b0fcb120
[  430.209969] RSP: 002b:00007ffdcfae0808 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  430.217792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07b0fcb120
[  430.225257] RDX: 00007ffdcfae2f34 RSI: 0000000000000000 RDI: 00007ffdcfae2f34
[  430.232610] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000
[  430.239895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000e3c030
[  430.247248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005
[  430.254928] 
[  430.254928] Showing all locks held in the system:
[  430.261326] 1 lock held by khungtaskd/1008:
[  430.265776]  #0:  (tasklist_lock){.+.+}, at: [<ffffffff81486f98>] debug_show_all_locks+0x7f/0x21f
[  430.274933] 2 locks held by getty/7223:
[  430.278917]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.287774]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.297148] 2 locks held by getty/7224:
[  430.301348]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.310132]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.319528] 2 locks held by getty/7225:
[  430.323565]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.332289]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.341647] 2 locks held by getty/7226:
[  430.345704]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.354614]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.363981] 2 locks held by getty/7227:
[  430.367954]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.376690]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.386061] 2 locks held by getty/7228:
[  430.390079]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.398771]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.408113] 2 locks held by getty/7229:
[  430.412128]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b0323>] ldsem_down_read+0x33/0x40
[  430.420857]  #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310c666>] n_tty_read+0x1e6/0x17b0
[  430.430422] 3 locks held by syz-executor.0/7264:
[  430.435167]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a7936>] __blkdev_put+0xa6/0x7f0
[  430.443736]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373b1ee>] lo_release+0x1e/0x1b0
[  430.452210]  #2:  (loop_ctl_mutex#2){+.+.}, at: [<ffffffff8373b254>] lo_release+0x84/0x1b0
[  430.460695] 2 locks held by syz-executor.5/7267:
[  430.465477]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.474269]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.482396] 2 locks held by syz-executor.2/7269:
[  430.487143]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.495861]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.503984] 2 locks held by syz-executor.3/7270:
[  430.508736]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.517466]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.525756] 1 lock held by syz-executor.4/7271:
[  430.530449]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.539376] 2 locks held by blkid/7728:
[  430.543392]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.552122]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.560251] 2 locks held by syz-executor.1/7736:
[  430.565017]  #0:  (loop_ctl_mutex/1){+.+.}, at: [<ffffffff8373cec7>] lo_ioctl+0x87/0x1c70
[  430.573642]  #1:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff82caa54f>] blkdev_reread_part+0x1f/0x40
[  430.582649] 2 locks held by blkid/7739:
[  430.586619]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.595347]  #1:  (loop_index_mutex){+.+.}, at: [<ffffffff8373663d>] lo_open+0x1d/0xb0
[  430.603588] 1 lock held by blkid/7740:
[  430.607469]  #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff819a81c5>] __blkdev_get+0x145/0x1120
[  430.616370] 
[  430.618019] =============================================
[  430.618019] 
[  430.625416] NMI backtrace for cpu 1
[  430.629063] CPU: 1 PID: 1008 Comm: khungtaskd Not tainted 4.14.113 #3
[  430.635626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.644967] Call Trace:
[  430.647549]  dump_stack+0x138/0x19c
[  430.651307]  nmi_cpu_backtrace.cold+0x57/0x94
[  430.656177]  ? irq_force_complete_move.cold+0x7d/0x7d
[  430.661373]  nmi_trigger_cpumask_backtrace+0x141/0x189
[  430.666655]  arch_trigger_cpumask_backtrace+0x14/0x20
[  430.671943]  watchdog+0x5e7/0xb90
[  430.675504]  kthread+0x31c/0x430
[  430.678905]  ? hungtask_pm_notify+0x60/0x60
[  430.683238]  ? kthread_create_on_node+0xd0/0xd0
[  430.687937]  ret_from_fork+0x3a/0x50
[  430.691930] Sending NMI from CPU 1 to CPUs 0:
[  430.696856] NMI backtrace for cpu 0
[  430.696861] CPU: 0 PID: 2299 Comm: kworker/u4:4 Not tainted 4.14.113 #3
[  430.696868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.696870] Workqueue: bat_events batadv_nc_worker
[  430.696876] task: ffff8880a1b68540 task.stack: ffff8880a1b70000
[  430.696879] RIP: 0010:lock_release+0x38c/0x940
[  430.696881] RSP: 0018:ffff8880a1b77bd0 EFLAGS: 00000046
[  430.696890] RAX: 0000000000000000 RBX: 1ffff1101436ef80 RCX: 1ffff1101436d1b6
[  430.696893] RDX: 0000000000000003 RSI: 0000000000000003 RDI: ffff8880a1b68540
[  430.696897] RBP: ffff8880a1b77c68 R08: ffff8880a1b68540 R09: 0000000000000003
[  430.696901] R10: 0000000000000000 R11: ffff8880a1b68540 R12: 0a99f4b87723b82a
[  430.696907] R13: ffffffff8603a53e R14: ffffffff891a5640 R15: ffff8880a1b77c40
[  430.696917] FS:  0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[  430.696923] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  430.696926] CR2: 00007fd5b81ba000 CR3: 0000000075967000 CR4: 00000000001406f0
[  430.696930] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  430.696939] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  430.696941] Call Trace:
[  430.696944]  ? lock_downgrade+0x6e0/0x6e0
[  430.696950]  batadv_nc_process_nc_paths.part.0+0x225/0x350
[  430.696958]  ? batadv_nc_sniffed_purge+0x310/0x310
[  430.696964]  batadv_nc_worker+0x4bb/0x6d0
[  430.696967]  process_one_work+0x868/0x1610
[  430.696972]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[  430.696977]  worker_thread+0x5d9/0x1050
[  430.696979]  kthread+0x31c/0x430
[  430.696984]  ? process_one_work+0x1610/0x1610
[  430.696987]  ? kthread_create_on_node+0xd0/0xd0
[  430.696990]  ret_from_fork+0x3a/0x50
[  430.696991] Code: 03 80 3c 01 00 0f 85 c7 04 00 00 4d 89 a0 70 08 00 00 83 c2 01 44 89 ce 4c 89 c7 44 89 8d 78 ff ff ff 4c 89 45 80 e8 b4 ea ff ff <4c> 8b 45 80 85 c0 44 8b 8d 78 ff ff ff 75 38 48 b8 00 00 00 00 
[  430.697523] Kernel panic - not syncing: hung_task: blocked tasks
[  430.887302] CPU: 1 PID: 1008 Comm: khungtaskd Not tainted 4.14.113 #3
[  430.893878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.903615] Call Trace:
[  430.906235]  dump_stack+0x138/0x19c
[  430.909872]  panic+0x1f2/0x438
[  430.913069]  ? add_taint.cold+0x16/0x16
[  430.917074]  ? ___preempt_schedule+0x16/0x18
[  430.921476]  watchdog+0x5f8/0xb90
[  430.924931]  kthread+0x31c/0x430
[  430.928284]  ? hungtask_pm_notify+0x60/0x60
[  430.932601]  ? kthread_create_on_node+0xd0/0xd0
[  430.937268]  ret_from_fork+0x3a/0x50
[  430.942606] Kernel Offset: disabled
[  430.946237] Rebooting in 86400 seconds..