[   46.369871] audit: type=1800 audit(1568996514.626:30): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   51.313404] kauditd_printk_skb: 4 callbacks suppressed
[   51.313419] audit: type=1400 audit(1568996519.626:35): avc:  denied  { map } for  pid=8008 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
2019/09/20 16:22:06 fuzzer started
[   57.812454] audit: type=1400 audit(1568996526.126:36): avc:  denied  { map } for  pid=8017 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/09/20 16:22:07 dialing manager at 10.128.0.105:36377
2019/09/20 16:22:07 syscalls: 2488
2019/09/20 16:22:07 code coverage: enabled
2019/09/20 16:22:07 comparison tracing: enabled
2019/09/20 16:22:07 extra coverage: extra coverage is not supported by the kernel
2019/09/20 16:22:07 setuid sandbox: enabled
2019/09/20 16:22:07 namespace sandbox: enabled
2019/09/20 16:22:07 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/20 16:22:07 fault injection: enabled
2019/09/20 16:22:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/20 16:22:07 net packet injection: enabled
2019/09/20 16:22:07 net device setup: enabled
16:24:15 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f)
open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

[  186.700270] audit: type=1400 audit(1568996655.006:37): avc:  denied  { map } for  pid=8034 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=29 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  186.790928] IPVS: ftp: loaded support on port[0] = 21
16:24:15 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
recvmsg(r0, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0)

[  186.903530] chnl_net:caif_netlink_parms(): no params data found
[  186.996883] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.005143] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.013261] device bridge_slave_0 entered promiscuous mode
[  187.022735] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.029317] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.038111] device bridge_slave_1 entered promiscuous mode
[  187.072052] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  187.082671] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  187.108018] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  187.117071] team0: Port device team_slave_0 added
[  187.123535] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  187.127902] IPVS: ftp: loaded support on port[0] = 21
[  187.131221] team0: Port device team_slave_1 added
[  187.141591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  187.149459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
16:24:15 executing program 2:
msgsnd(0x0, &(0x7f0000001940)=ANY=[], 0x0, 0x0)

[  187.225595] device hsr_slave_0 entered promiscuous mode
[  187.262081] device hsr_slave_1 entered promiscuous mode
[  187.302651] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  187.311476] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  187.328898] IPVS: ftp: loaded support on port[0] = 21
[  187.380880] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.387477] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.394747] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.401282] bridge0: port 1(bridge_slave_0) entered forwarding state
16:24:15 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000012000dc5000000000000000028001a00ffffffff000000000000000000cbc6000000000000000000000000000000000102000000"], 0x38}, 0x8}, 0x0)

[  187.636788] chnl_net:caif_netlink_parms(): no params data found
[  187.673254] chnl_net:caif_netlink_parms(): no params data found
[  187.691557] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  187.699156] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.729495] IPVS: ftp: loaded support on port[0] = 21
[  187.738908] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
16:24:16 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@assoc={0x18, 0x117, 0x4, 0x5}], 0x18}, 0x0)
write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8)
recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xfeb8}], 0x1}}], 0x1, 0x0, 0x0)

[  187.815078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  187.838783] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.869765] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.877606] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  187.929964] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  187.930099] IPVS: ftp: loaded support on port[0] = 21
[  187.938068] 8021q: adding VLAN 0 to HW filter on device team0
[  187.951484] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.960483] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.974153] device bridge_slave_0 entered promiscuous mode
[  187.986364] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.995311] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.005654] device bridge_slave_0 entered promiscuous mode
[  188.019198] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.029163] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.038531] device bridge_slave_1 entered promiscuous mode
[  188.061391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  188.073851] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.080436] bridge0: port 2(bridge_slave_1) entered disabled state
16:24:16 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b700000001ed9fffbfa30000000000000703000031feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400500000000006504010001ed00003400000000ffffffde640000000000007b0a00fe000000002f14000000000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693002e7f3be361917adef6ee1caa2b4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b5e4fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94369e646b8ee6de2109fbe4ef154400e2438ec649dc74a1a610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06ad99edc3a6138d5fcfba53f8d0c67ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a4040996e37c4f46756d50b928f63fc77b830282294484fa6da21b62987c71c1d6e6297eadbab95444937b029e3bd90eef51977a085eaa790167cdd110d9fcc36a8dc6cf1c8e24fe23d7b6727a611b731c6fc186844deadc5bdaa83c0556cbb3c059b6ea6b49c6508ebb5e"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48)

[  188.089281] device bridge_slave_1 entered promiscuous mode
[  188.116115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  188.132975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  188.141430] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.148121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.166650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  188.211126] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.219903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  188.228258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  188.236486] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.242894] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.255925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  188.268510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  188.284570] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.294982] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.303786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  188.312335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  188.341368] IPVS: ftp: loaded support on port[0] = 21
[  188.342231] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  188.357933] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.371527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  188.379610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  188.390852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  188.405707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  188.440230] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  188.449315] team0: Port device team_slave_0 added
[  188.455412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  188.463375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.474257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  188.482888] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  188.490443] team0: Port device team_slave_0 added
[  188.497096] chnl_net:caif_netlink_parms(): no params data found
[  188.506998] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  188.514949] team0: Port device team_slave_1 added
[  188.523245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  188.530701] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  188.538725] team0: Port device team_slave_1 added
[  188.545737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  188.553897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  188.563853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  188.587042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  188.598881] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  188.610731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  188.619969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  188.628336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  188.744683] device hsr_slave_0 entered promiscuous mode
[  188.782095] device hsr_slave_1 entered promiscuous mode
[  188.822763] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  188.830668] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  188.885190] device hsr_slave_0 entered promiscuous mode
[  188.932155] device hsr_slave_1 entered promiscuous mode
[  188.974614] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  188.988203] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  188.995827] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  189.016260] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  189.031989] chnl_net:caif_netlink_parms(): no params data found
[  189.053763] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.060315] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.068144] device bridge_slave_0 entered promiscuous mode
[  189.078725] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.087492] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.095985] device bridge_slave_1 entered promiscuous mode
[  189.136159] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.146358] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.157630] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  189.180799] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  189.228711] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  189.274566] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.281345] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.289697] device bridge_slave_0 entered promiscuous mode
[  189.298461] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  189.306783] team0: Port device team_slave_0 added
[  189.313586] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  189.320949] team0: Port device team_slave_1 added
[  189.333567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.348033] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.355071] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.363479] device bridge_slave_1 entered promiscuous mode
[  189.370476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  189.378777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  189.386154] chnl_net:caif_netlink_parms(): no params data found
[  189.465755] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.477106] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.501378] audit: type=1400 audit(1568996657.806:38): avc:  denied  { associate } for  pid=8035 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  189.563979] device hsr_slave_0 entered promiscuous mode
[  189.612302] device hsr_slave_1 entered promiscuous mode
[  189.657703] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.664592] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.672585] device bridge_slave_0 entered promiscuous mode
[  189.684862] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.697654] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  189.721483] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.731649] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.738273] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.749123] device bridge_slave_1 entered promiscuous mode
[  189.769372] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  189.780693] team0: Port device team_slave_0 added
[  189.793887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  189.801663] team0: Port device team_slave_1 added
[  189.807468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  189.815306] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  189.831302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  189.841187] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.850096] hrtimer: interrupt took 26313 ns
[  189.855296] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  189.868827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  189.883377] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  189.913383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  189.921018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  189.932743] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.965660] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  189.972860] 8021q: adding VLAN 0 to HW filter on device team0
[  189.980414] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
16:24:18 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f)
open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
sendfile(r0, r0, &(0x7f0000000180)=0x74000000, 0x5)

[  190.045979] device hsr_slave_0 entered promiscuous mode
[  190.073370] device hsr_slave_1 entered promiscuous mode
[  190.125775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  190.140152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  190.150892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  190.164297] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
16:24:18 executing program 0:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x6610bef197cb7c00, 0x0)

[  190.171648] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  190.178927] 8021q: adding VLAN 0 to HW filter on device team0
[  190.187286] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  190.195627] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  190.207966] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  190.216242] team0: Port device team_slave_0 added
[  190.224471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  190.237037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  190.245410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  190.274855] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.281279] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.288662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  190.297866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  190.306514] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.313155] bridge0: port 2(bridge_slave_1) entered forwarding state
16:24:18 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x1b2)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "215e23b6a14a937e", "df28196f6317ffbc13846cbe59f4f1b8c255c35c6b898da733494d6ae33cbdfb", "7b45bfdf", "1215ddea89823d54"}, 0x38)
sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[{0x138}, {0x10}], 0x20}, 0x0)

[  190.324935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  190.348733] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  190.356859] team0: Port device team_slave_1 added
[  190.367222] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  190.381641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
16:24:18 executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f00000000c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000280)}}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x80000000001, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r3}}, 0x171)

[  190.394141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  190.404760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  190.423304] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.429757] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.437129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  190.450829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  190.462136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  190.474126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  190.485771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  190.493331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  190.502783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  190.511531] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.518441] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.527044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  190.538912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  190.546543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  190.564168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  190.603938] device hsr_slave_0 entered promiscuous mode
[  190.642623] device hsr_slave_1 entered promiscuous mode
16:24:19 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'nr0\x01\x00', 0x1})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8913, &(0x7f0000000100)='nr0\x01:\xf6.\xa3:>$?\xfa\xbf\nUM\xbf\xef\xad\xac\x03x\xf4D3A}?\x00\x8b\x9c[\xdd\x06\xa4%\xf4\x87\x00\x00\x00\xf9\xb8\xbd#\xe2\x95\xe3\x86\xa9:#\x86\xb7\x97\x96\x1f\xc4\xdf\x0f\f\x8d\xae\x1e\x0f\xa1\x83\xae\xb4\xd6q\x93\xf5U\xcb\xe9\xb9S\xdc\x89\xf7\xf8\xdd\xa4o\xc5\xe8s6U\x16:\xc0\x9c\xb3:\xda\a\xbdG\xbfB\x02p*AiRl\xe6\xa2#\x14\xfa\xc7j\x8e\xef\x8eO\xb8\xf3X\xe2;\t\xf9\x83\x8e\x9a\xac\xd1\xc0\xda\x12\r$\xeb\xc2\xf9\'\x7f\vp\xc3N\xb3\xf1\x06eJ\xd5?C`|>\xad\xa8\x95\xa2\x15\x14\x81\x80qd\xbf\x0e\x83\xe2\xa8JZt\x9c\xd2\x93@\x1e\xa3H@\xa7\xa4\x8e\x9f\x8a\xf8\x9b\x87\x16IJ\x00\x01\x00\x00\x00\x00\x00\x00\x83 \xda\xaaQJ|\xf9\xa1\xd3\xd2\xcb\x19\xaasU\xad\x133\x82\x8d\x1d\x81\xec\xaf\xd6\xc9tj\xf2\\\x82\'\xc6\xf1L\xb7\x1b\xa5\xfa')

[  190.694856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  190.707101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  190.719680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  190.730774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  190.742425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  190.769071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  190.783080] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  190.791940] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  190.804870] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  190.813128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  190.822222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  190.831284] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  190.843729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  190.860953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  190.879673] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.893951] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  190.904205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  190.914608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  190.924056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  190.932459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  190.957064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  190.965920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  190.974440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  190.986156] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  191.003249] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  191.013324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  191.030892] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  191.039685] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  191.056137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  191.066071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.073681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.080775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  191.088907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.096487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  191.104721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  191.112857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  191.120726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.139607] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  191.146793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  191.166171] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  191.174061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  191.186246] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  191.193357] 8021q: adding VLAN 0 to HW filter on device team0
[  191.226800] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.237554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  191.249272] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  191.261591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.269978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.278421] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.285146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.297003] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  191.307975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  191.318645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  191.331580] 8021q: adding VLAN 0 to HW filter on device batadv0
16:24:19 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x800000800000001)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x10, &(0x7f0000000000)={{0x0, @local, 0x0, 0x0, 'lblcr\x00'}, {@multicast2}}, 0x44)

[  191.348548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  191.363925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.386568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
16:24:19 executing program 0:
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
splice(r1, 0x0, r0, 0x0, 0x7fffffff, 0x0)
sendto$packet(r1, &(0x7f0000000340), 0xfffffffffffffd4d, 0x0, 0x0, 0x0)

[  191.398007] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.404541] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.422471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  191.445795] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  191.455920] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  191.473604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  191.481194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.489734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.498089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  191.507087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  191.520039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  191.529413] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  191.539987] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  191.552862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  191.588233] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.606518] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  191.614253] 8021q: adding VLAN 0 to HW filter on device team0
[  191.620773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  191.635783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  191.659410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  191.677052] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  191.686831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  191.694961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  191.702866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  191.710545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.718590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.727658] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.734435] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.742582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  191.755988] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  191.765402] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.775213] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  191.783197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  191.791526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.800661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.808830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.824471] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  191.830598] 8021q: adding VLAN 0 to HW filter on device team0
[  191.839785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  191.858940] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  191.866748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  191.901665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.910453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.923403] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.929868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.940195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  191.952579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  191.961087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  191.971547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.980274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.988722] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.995192] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.003151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.016662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  192.030583] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  192.039698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.049512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.059004] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.065842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.073216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  192.087054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
16:24:20 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
getpeername(r0, 0x0, &(0x7f00000006c0))

16:24:20 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
ftruncate(r0, 0x2081fc)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, 0x0)
r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0)
write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
ftruncate(0xffffffffffffffff, 0x2081fc)
io_submit(0x0, 0x1, &(0x7f00000014c0)=[0x0])
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
fcntl$setstatus(r2, 0x4, 0x40400)
write$FUSE_WRITE(r2, &(0x7f0000000080)={0x18}, 0x18)

[  192.099891] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  192.110440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  192.125752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  192.134715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  192.149878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  192.187618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  192.208151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.219683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.240605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.265702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.279617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  192.293750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.304520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  192.322397] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  192.330026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.343553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.353767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  192.363089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  192.373259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  192.383904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  192.405889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  192.422426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  192.430882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.439295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  192.447158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  192.463324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  192.480429] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  192.487365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  192.503746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  192.512448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  192.522348] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  192.546491] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  192.558382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  192.566454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  192.575516] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  192.581958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  192.620055] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  192.638174] 8021q: adding VLAN 0 to HW filter on device batadv0
16:24:21 executing program 3:
pipe(&(0x7f0000000300))
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x1, 0x8}, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
arch_prctl$ARCH_SET_GS(0x1001, 0x5)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x4)
creat(&(0x7f0000000140)='./file0\x00', 0x0)

[  192.664703] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.791510] audit: type=1400 audit(1568996661.096:39): avc:  denied  { prog_load } for  pid=8126 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
16:24:21 executing program 4:
r0 = socket$kcm(0x10, 0x800000000002, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_type(r1, 0x0, 0x2, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000680)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000280)='cpB1\x82\x12,\xf8\x18\x11c\x17\v\x95\xdc\xa3\x18b\xbeV\x18\r\xe0Zt\x00', 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000340)='cp\xaf#\x8b\xa6\x12\xb9\x81\xc8\xe4\x1c\xc4\n+\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
r5 = openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
write$cgroup_int(r5, &(0x7f0000000580)=0x7, 0x12)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='io.stat\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100))
ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8}, 0x2c)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2d, 'pids'}]}, 0x6)
write$cgroup_subtree(r7, &(0x7f00000000c0)={[{0x0, 'pids'}]}, 0x6)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r8, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="2e000000280081aee4050cecdb4cb9040a485e510b000000000000000000000000008000"/46, 0x2e}], 0x1}, 0x0)
socket$kcm(0x29, 0x5, 0x0)

16:24:21 executing program 5:

16:24:21 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='schedstat\x00')
fcntl$F_SET_RW_HINT(r0, 0xf, &(0x7f0000000080)=0x468154964c098ee1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r1=>0xffffffffffffffff})
fcntl$dupfd(r1, 0x0, r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, 0x0}], 0x1, 0x68, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
pipe2(&(0x7f0000000200), 0x80000)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f00000000c0)={0x0, {{0x2, 0x4e21, @loopback}}}, 0x88)
getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, &(0x7f0000000240), &(0x7f0000000280)=0x4)
inotify_init()
syz_genetlink_get_family_id$ipvs(0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_score\x00')
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="640fd3250f20e06635000001000f22e02ed0210fc7bb0600640f00d70f2021660f3a0c4300f90fc77100baf80c66b83135fa8d66efbafc0cecf30f09", 0x3c}], 0x1, 0x0, 0x0, 0x0)

16:24:21 executing program 0:
r0 = socket(0x40000000001e, 0x1, 0x0)
getsockopt(r0, 0x800000010f, 0x89, &(0x7f00004ad000), &(0x7f0000000040)=0xffffffffffffffd6)

16:24:21 executing program 2:
r0 = socket(0x40000000000010, 0x802, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp\x00')
dup2(r0, r1)

[  192.950384] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
16:24:21 executing program 2:

16:24:21 executing program 5:
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x6)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
read$char_usb(r0, &(0x7f0000000040)=""/185, 0xb9)

[  192.984127] audit: type=1400 audit(1568996661.286:40): avc:  denied  { map_create } for  pid=8136 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
16:24:21 executing program 0:
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x2, &(0x7f0000000200)=@raw=[@map={0x18, 0x0, 0x1, 0x0, r0}], &(0x7f00000002c0)='GPL\x00', 0x4, 0xa4, &(0x7f0000000540)=""/164, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

[  193.130696] audit: type=1400 audit(1568996661.416:41): avc:  denied  { create } for  pid=8141 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  193.173093] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.4'.
16:24:21 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, 0x0, &(0x7f0000000600))

16:24:21 executing program 2:
write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="0e003d69bb54000000000000cbf465db7e93905d67893fcf171b9c19cac264a5fdff1eefbf30cce46a78317bd284590fe0196d7329fefd45df86def3c125de241bc8703652a9889f5b0b21fc624e1cd86f4ad10896c7b489ef2b6ecc938ff33922bef43b97e72909b673beaeb82e502e986359865568129c0bce2158883538c83090d102bafa739cf1f36eaf80c1ba5c2a205038602c70e152f9145ca3d2ad29db43da2ad508cf00dbceccaae89fe9b637c86b9b1e2878c9d79cfc11184298507540faa2a1dd73463af856000495b04dace453a47dde31e55465eee44b2a3eb9efdf1fd2e97d51dd322d4623ca08e4acd4d7c0d61c912330a08ac5da000000"], 0xc)
r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55)
pipe(&(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x1, 0x8, 0x0, 0x1}, 0x0)
syz_open_procfs(r4, &(0x7f0000000440)='autogroup\x00')
ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000540)=0x3)
read(r3, &(0x7f0000000040)=""/11, 0xb)
r5 = syz_open_pts(r3, 0x0)
r6 = dup3(r5, r3, 0x0)
ioctl$TCSETA(r6, 0x5406, &(0x7f0000000080))
fcntl$setpipe(r2, 0x407, 0x0)
arch_prctl$ARCH_SET_GS(0x1001, 0x5)
gettid()
geteuid()
getegid()
r7 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r7, 0x0, 0x0, 0x4003fe)
dup2(r1, r7)
r8 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lseek(r8, 0x0, 0x4)

[  193.207243] audit: type=1400 audit(1568996661.436:42): avc:  denied  { write } for  pid=8141 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  193.244173] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.4'.
16:24:21 executing program 0:

[  193.296546] audit: type=1400 audit(1568996661.506:43): avc:  denied  { read } for  pid=8141 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  193.577737] audit: type=1804 audit(1568996661.886:44): pid=8170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir283866282/syzkaller.OWQpkw/4/file0" dev="sda1" ino=16535 res=1
[  193.638259] audit: type=1804 audit(1568996661.886:45): pid=8180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir283866282/syzkaller.OWQpkw/4/file0" dev="sda1" ino=16535 res=1
[  193.720525] audit: type=1804 audit(1568996662.026:46): pid=8129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir474331099/syzkaller.3vDPBT/1/file0" dev="sda1" ino=16537 res=1
16:24:22 executing program 3:

16:24:22 executing program 4:
r0 = socket$kcm(0x10, 0x800000000002, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_type(r1, 0x0, 0x2, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000680)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000280)='cpB1\x82\x12,\xf8\x18\x11c\x17\v\x95\xdc\xa3\x18b\xbeV\x18\r\xe0Zt\x00', 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000340)='cp\xaf#\x8b\xa6\x12\xb9\x81\xc8\xe4\x1c\xc4\n+\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
r5 = openat$cgroup_ro(r4, 0x0, 0x0, 0x0)
write$cgroup_int(r5, &(0x7f0000000580)=0x7, 0x12)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='io.stat\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100))
ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8}, 0x2c)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2d, 'pids'}]}, 0x6)
write$cgroup_subtree(r7, &(0x7f00000000c0)={[{0x0, 'pids'}]}, 0x6)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r8, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="2e000000280081aee4050cecdb4cb9040a485e510b000000000000000000000000008000"/46, 0x2e}], 0x1}, 0x0)
socket$kcm(0x29, 0x5, 0x0)

16:24:22 executing program 5:

16:24:22 executing program 0:

16:24:22 executing program 2:

16:24:22 executing program 1:

[  193.781822] audit: type=1804 audit(1568996662.026:48): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir474331099/syzkaller.3vDPBT/1/file0" dev="sda1" ino=16537 res=1
16:24:22 executing program 1:

16:24:22 executing program 2:

16:24:22 executing program 3:

[  193.904270] audit: type=1800 audit(1568996662.026:47): pid=8129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=16537 res=0
16:24:22 executing program 5:

16:24:22 executing program 0:

[  193.960978] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.4'.
16:24:22 executing program 2:

16:24:22 executing program 5:

16:24:22 executing program 4:

16:24:22 executing program 1:

16:24:22 executing program 3:

16:24:22 executing program 0:

16:24:22 executing program 2:

16:24:22 executing program 1:

16:24:22 executing program 5:

16:24:22 executing program 3:

16:24:22 executing program 4:

16:24:22 executing program 0:

16:24:22 executing program 5:

16:24:22 executing program 2:
write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x1, 0x8, 0x0, 0x1}, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fsetxattr$trusted_overlay_opaque(r1, 0x0, 0x0, 0x0, 0x0)
write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x4)
creat(&(0x7f0000000140)='./file0\x00', 0x0)

16:24:22 executing program 1:

16:24:22 executing program 4:

16:24:22 executing program 3:

16:24:22 executing program 0:

16:24:22 executing program 5:

16:24:22 executing program 1:

16:24:22 executing program 4:

16:24:23 executing program 3:

16:24:23 executing program 5:

16:24:23 executing program 0:

16:24:23 executing program 1:

16:24:23 executing program 2:
write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x1, 0x8, 0x0, 0x1}, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fsetxattr$trusted_overlay_opaque(r1, 0x0, 0x0, 0x0, 0x0)
write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x4)
creat(&(0x7f0000000140)='./file0\x00', 0x0)

16:24:23 executing program 4:

16:24:23 executing program 3:

16:24:23 executing program 5:

16:24:23 executing program 0:

16:24:23 executing program 1:

16:24:23 executing program 4:

16:24:23 executing program 0:

16:24:23 executing program 5:

16:24:23 executing program 3:

16:24:23 executing program 1:

16:24:23 executing program 3:

16:24:24 executing program 2:

16:24:24 executing program 5:

16:24:24 executing program 1:

16:24:24 executing program 4:

16:24:24 executing program 0:

16:24:24 executing program 3:

16:24:24 executing program 4:

16:24:24 executing program 3:

16:24:24 executing program 2:

16:24:24 executing program 5:

16:24:24 executing program 0:

16:24:24 executing program 1:

16:24:24 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x800000800000001)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000000)={{0x6, @local, 0x4e20, 0x2, 'lblcr\x00'}, {@multicast2, 0x0, 0x0, 0x2}}, 0x44)

16:24:24 executing program 4:
r0 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$set_timeout(0xf, r0, 0x1)

16:24:24 executing program 2:
getrandom(&(0x7f0000000240)=""/4096, 0x1000, 0x0)

16:24:24 executing program 3:
rt_sigprocmask(0x0, &(0x7f000003b000)={0xfffffffffffffffe}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f000002fff0), 0x0)
r0 = gettid()
tkill(r0, 0x15)

16:24:24 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0}, &(0x7f0000000180)=0x14)
lsetxattr$security_evm(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='security.evm\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="030209000000004000c7450285a9ac32572f49c1dc7a45f38ee953c6d4aee5115c99f06826e3de26af92493fb8e43ecda23b5e9c3410fc0fe4dda4c288998bcf68f3356274a7923fec14de1d09ce07806ebd3429e78218007a6030b55f8655a2b3080337a41af3d9a0b32304bb7e3fa9f81c232ae3a3a9f1ebcc197fa9aefe0231ed6e2df28e4eda5760687266b4ff7a72abbf9f60208adfa8d1f3eb5b035f1a69b351b2ddf78f8634f3689af7738f6836ad04db6a44a2383cabe911553b7f97d6de66246bcf0dfaa54eba4549f3310000"], 0xd1, 0x2)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000001c0)={@loopback, @multicast2, r2}, 0xc)
r3 = fcntl$dupfd(r1, 0x0, r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000240)={<r6=>0x0, 0x401, 0x5, [0xfa42, 0x100, 0x8, 0xffffffffffffba06, 0x7fff]}, &(0x7f00000002c0)=0x12)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r7, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000000500)=<r8=>0x0)
get_robust_list(r8, &(0x7f0000000640)=&(0x7f0000000600)={&(0x7f0000000580)={&(0x7f0000000540)}, 0x0, &(0x7f00000005c0)}, &(0x7f0000000680)=0x18)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000300)=@sack_info={r6, 0x5, 0x6}, &(0x7f0000000340)=0xc)
accept$inet(r3, &(0x7f0000000040), &(0x7f00000000c0)=0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r9, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
fstatfs(r9, &(0x7f00000006c0)=""/54)
ioctl$IMCTRLREQ(r3, 0x80044945, &(0x7f0000000200)={0x200, 0x81, 0x1ac9, 0x577})
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x801, 0x0)
timerfd_gettime(r3, &(0x7f0000000000))
ioctl$BLKZEROOUT(r10, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})

16:24:24 executing program 0:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x378}], 0x100000c7, 0x0)
syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x7, 0x410040)
setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000000c0)=0xf91, 0x2)

16:24:24 executing program 5:
openat$tun(0xffffffffffffff9c, &(0x7f0000000500)='/dev/net/tun\x00', 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpeername$inet6(0xffffffffffffffff, 0x0, 0x0)
unshare(0x600)
ioctl$TIOCSTI(r0, 0x5412, 0x9)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'})
select(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, &(0x7f0000000140)={0x0, 0x2710})
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x2, 0x0)
write$tun(r2, &(0x7f0000001200)=ANY=[@ANYBLOB="0000000060d615e00a520000fe80001800030000000000000000000000000000fffffffe000000000000000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000fe0ff989c07afebdbea5678e34a260020600007fff021e0000000000000003000069270000000900000f320000001b5523eb9a0002080a00000000000001ff0028165c256c7e73c24aa38db4d864c4b0e76f14044fd1b6660ac9c2411294fb5b2f66db0838251b5300b124bdb4629a084b1f27bf921a8671ac780d75581b2bbf537007aadedf6937a48557551efd0966828ef90901dbfdfd705a7d1350149d05f524d6a4a7a1c3e6af05738cf7c09a2f8c423741e673ffa0d56a2e2472e1503b3d4655d7d9340003adb8ea02dab6d60645d000463ae5a3c194778f1713a87b9eb87e649a55bd3ad7ccff99c521436538cc4438d479e350b387303a04e7b7a6f0e0cb57a34575d3f545fd2ab4d493f43536f6f64072c89a96f164a2fbfc7e33e5b872bdc1e9dca587ba58b6cca3c6e45ee92a1daab23b3bdbe85126e8c49cfe9e6f3826ff10a0baa352e9ce70e784f9f20531f806af79b7793df48b7f60b333a5601a0a9198689209b51cf3ba2227933e2dc6857c38b09fc2e06090faf6bb7e191cb3aa24beaeeb4aebceab3b6bf1e50a8201b09b421853d7d3e1feb4e9e0fadaecd8dfd2c2900203d9f2536264fc3c949db1134a8f859457f671ebf7aa059bc3673253bc0774c98d0a91799db1add2ed7ac6f7f25b60bf0d5c2d891a5dad13bdf554891dd45549ec9554f18ed5d14ee32ded20c5e7f363975da8f9058de7ae0df7cfdca9fa5bdde5dac27c4ed80c0841a880cb44d160192911137057e7608f1f1b1dea3f7f26144906392eab5457d9ff54bbef0d0e00f680226d9560e7ef5b87fdca51bb640127a7750b48a72d2f1278b1c7d52abeed178ffdb193c5125cb2b1c65837011bb0f81153bcb423dadc1ce2f2a3e6cdcddc54f6e00dfd3b04164ae4fd8df28ee0b45acb818c610f084a52fc1747f3f64fe6d9799d54635eae1fd70e20de261c19b5da9e7a6096d718ad90e14900dd2ea378f70ccc9c3365f75f586cfa79ba4b6faad995081b2e9f59440de7e38ef1e5d68de575051707d2b8dd6d265e8271d5d2c4986492b383a7176714954cef5e8af8d153b946136842a372d744080391c866aad9139dd034f0c627173b4f2e11c21cf9fbb35008e6ef2f28484587fd57a479d163c6e2fb154b0ebd67d4ef1b64242423e7a9c196504154d0f5927db95545cb48d8c27fbb32b7a34d2728cc369fca9fb4b4afd8b00f2f5fd420f243096b1a9f92e25d8c286668590692e9a7bd98a9c9b546ea75f6b7b1a10dc1d454b065d0a973630f4f96daa101e875340f1a38a4ca1c90431ca87526ab07e8c2343d4704970a892b636cc44ae3a712dd4119e5d696d02f179205dff78b4c53f0fc549176963582ad28c056558d8b9e85327ff5f3fc0f6db9f69815255bd85d299a8db3b093c1d8d143b15372c39ee8f0270e1eb4ed269b6b4591686c881141006e2bc1201bfad52dac9a75cd3edf0774f51b4d214efb01d08488c7dff562eb7e6da2ea1837e6870544c9a5989c0216c20c7ef0b20438dec0f36b1673f9217b5c297839387a6e0f7dfeb3252513a2b3227f9e7e3c382ee0356a79c1c09e525a1ff8a8e099257c9a8f7154fee73b6715c8720f4d3c7ab8bbf470fc804dc8e925ad0691fd18cfdeff4d23a3a10c097b0d168f44bd74d19ff4867ce4f6c1905d7072ff60d69ca6f1c3054e644fa356bd809a890a6705f1ae9987ddf631d6a79559d935791a00878fe283d34729b9d3a72e4694e3215f52eb2c62ba26fc5a6cd76f9b13250dd5a756daee4657a71e6faed474718d8402966c3b7526a61001929bac09cf4e2b3769c7c416cbdc68801a18f38b014b5965981307a2c9dfff6d2d964c01edaf67bdcb27910aebb22821230249ce0d5f87c1a61d5b8c1d4b9b5d750a2874457d54c2779c9c717476132ddb0db7c74b88033209cd27569066f5c898ebe6bb251166e4e711417d059f6987e8b68ea94e0a6bfd93212fea9757432e1083ad9dc5cab3c70ede7f9df086478e0b30be15c96ab6223bb788c0e473e5f5dcfe0d8acfe58989bda9627342af9b9a0eb8853ca99e2b75515ba09cb65d94af7776b0c3a3f5240797d40c25af445e8bdd397e0096ce22e4b6cd7957798bf9cbc7947b82f6f9b3cbd3b6fa7cf994c7fd43e10c7fb64cc9d8f13799f796bc7e5226587009b1b8911b0d20989ee1eaf1f3a9a479ed22b424c10899de571cabd3f3cd6d09f0df93c2f09b1bc0306220358cf8cb1c7f81e3a263cc38e187a201d884f9812ce35bc0101a837eee9e3e71be5efb5dfa5083633241e91207e202dce39b3f1c0e26f30da81f2ddefad4f0063434a89f60dcd77332b5e0e9e2c606cd7f5eead334fc4c3922a2e31a2674b43cf0e0302746b91cb67cb8ffec9e720907fa40b0878ce88e02a330904b3486740999f99890218c294d21c2b89ddfcdec03703aec69d77ee5893851f2ecea11f0b445d0168c3e23d3f1319fc052c97d223092277403e7859293e6f2c3b61b9cfb1b980246d4ab0bc7b46e856bc73d7761f056585ab4540be08ce970c9b53de85ce65fd410a6f2fa1319bd83caa6a7759513c19889027daf663cb5ac51ea1cb29f4565a69bfbb39dd301f214dbc87d7b565e7ba164686730a48eb94abaa72728de4a1f4733cef69d71e0c3a687bff414454e7351f9a866c99eaf9a9b09ae29d3be6b5dfeb433a80f724d7241323480c4b3f07361cbf5a14e8b3e30fddd71f3cd782feea36133a1415bd3fac9bf3ea743c04f9a65ea599c8b377079f3559c5e13e91d35d54e674fd8709234acfdb8a2c5ed69d231e57f4c479d903209d3fa1be56d568b58f07b1326885186cb7222d7816934e35653c32904ed86b8407e3ff0ba046abe9e573218b0f048b522a94b77ff10e1117401535f7af0503d2b2ece3a7f27fc8a6510e0f1fdaa0b023acb6a52f346f095d64ac16a95ef38205457d7cc57baf39f9fd10703147d89216c7aca42953e99112c3b167ea99787ccc5cbd644770f1e5cbf8271e81e7c6e67aa82549ebee45d9d45a0a4d7a85502fbd0c61f5dd6ff36421cf57396897dc371a334e805457e915e2a6bbd2387a2343d0e5cf365e3e4e87c6c2de77422312ea2fd36bef895ce50b4e8248d16fd016cee7e48aedde5b57eae96c3e4a91fef69b262065d7e60efccb974f15c8d42e619b1628bf88c92cb219e7ad1455b23bad04512f2b5c022b3edb5752c25775f5fabf46ae698968bbe5914137d9a7d45ba6a3fb82d1db2fac1feaa6f25e41aa6b29378466dded1eb08a9dba90523e088c81212f5c90e9b2783973777cee85fd787e25df527b67b42a88cc0ac6389e53d8721d8e1a72154ee874c1b13a2b98d96a7637be52295663eb0d69b5701e622455e050c378c084ea5676676b773d77cc8ab65de3060bf3cfaa44331adeb929eebc11386c5776e95f3eac1cecb1f7322fdc6326fc28e509ba58ae337fa261f5af688954919d6da6ebc425f8ae1d4941818b1ea785ca45ee6d7e0ee98e7b61b2b87ddc412753d3cc3233428cfa83e2aae47ce8a05bb102f303dcb4dca6da89a6c008f585ae4960cbc3f833f8269707293e762ebce2284e5833952a29016a9cd66d3335a74b4a88edc56db59bfff6d1926b4b6335d95548b309b17f6d3f9d774bd8b39e74076fe0fa3be54dbdbc028516a7e18fb1be6efe5f4097d0ff028f2e20ee7280eaecf17ff38e5778be2146f8d"], 0xa7e)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f0000000040)={0xd48c, 0x1})
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000140), 0x1c)
recvfrom$packet(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, 0x0, &(0x7f00000001c0))
prctl$PR_SET_PDEATHSIG(0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0xc7a5fbdb1a5e1da6, &(0x7f0000000240), &(0x7f00000002c0)=0x4)
getresgid(&(0x7f0000000940), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000000)='./file0\x00', r5}, 0x10)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001dc0))
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000080))
alarm(0x8)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000000200)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)

16:24:24 executing program 3:
rt_sigprocmask(0x0, &(0x7f000003b000)={0xfffffffffffffffe}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f000002fff0), 0x0)
r0 = gettid()
tkill(r0, 0x15)

16:24:24 executing program 2:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000800)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1300000036ffff018000000600395032303030"], 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_ENTRY(r2, &(0x7f0000000140)={0x90}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
utime(&(0x7f0000000300)='./file0\x00', 0x0)
ioprio_get$uid(0x0, 0x0)

16:24:24 executing program 4:
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x800, 0x0, 0x3, 0x100000000000001}, 0x20)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}, 0x800, 0x1}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f00000001c0))
select(0x40, &(0x7f0000000080)={0x6e38, 0x0, 0x2, 0x9a, 0x8, 0xfffffffffffffffb, 0x101, 0x1}, &(0x7f00000000c0)={0x8, 0x1, 0x2, 0x2, 0x7fffffff, 0x1, 0xdc, 0x7}, &(0x7f0000000100)={0x0, 0x5, 0x2, 0x1, 0x2, 0x5, 0x7, 0x2}, &(0x7f0000000180)={0x0, 0x7530})

16:24:24 executing program 3:
rt_sigprocmask(0x0, &(0x7f000003b000)={0xfffffffffffffffe}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f000002fff0), 0x0)
r0 = gettid()
tkill(r0, 0x15)

[  196.549324] 9pnet: Insufficient options for proto=fd
[  196.625503] ------------[ cut here ]------------
16:24:24 executing program 0:
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe)
open(&(0x7f0000000b80)='./file0\x00', 0x200c2, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)

[  196.654024] refcount_t: underflow; use-after-free.
[  196.702170] WARNING: CPU: 1 PID: 8339 at lib/refcount.c:187 refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.711769] Kernel panic - not syncing: panic_on_warn set ...
[  196.711769] 
[  196.719183] CPU: 1 PID: 8339 Comm: syz-executor.2 Not tainted 4.19.74 #0
[  196.726151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  196.735573] Call Trace:
[  196.738243]  dump_stack+0x172/0x1f0
[  196.739049] kobject: 'loop3' (00000000993a32c3): kobject_uevent_env
[  196.741981]  panic+0x263/0x507
[  196.741994]  ? __warn_printk+0xf3/0xf3
[  196.742015]  ? refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.742029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  196.742041]  ? __warn.cold+0x5/0x4a
[  196.742062]  ? refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.742075]  __warn.cold+0x20/0x4a
[  196.742091]  ? refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.742113]  report_bug+0x263/0x2b0
[  196.742130]  do_error_trap+0x204/0x360
[  196.742143]  ? math_error+0x340/0x340
[  196.742154]  ? wake_up_klogd+0x99/0xd0
[  196.742163]  ? vprintk_emit+0x264/0x690
[  196.742173]  ? vprintk_emit+0x1ab/0x690
[  196.742187]  ? error_entry+0x7c/0xe0
[  196.742203]  ? trace_hardirqs_off_caller+0x65/0x220
[  196.751833] kobject: 'loop3' (00000000993a32c3): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  196.751913]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  196.808845] kobject: 'loop4' (00000000a1012e3e): kobject_uevent_env
[  196.812003]  do_invalid_op+0x1b/0x20
[  196.812020]  invalid_op+0x14/0x20
[  196.812039] RIP: 0010:refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.812052] Code: 1d 0f 2b 13 06 31 ff 89 de e8 67 a0 46 fe 84 db 75 1a e8 1e 9f 46 fe 48 c7 c7 80 2b 82 87 c6 05 ef 2a 13 06 01 e8 49 2f 1a fe <0f> 0b 45 31 e4 eb 90 e8 ff 9e 46 fe e9 ce fe ff ff 48 89 df e8 52
[  196.812059] RSP: 0000:ffff8880579f7848 EFLAGS: 00010286
[  196.812070] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  196.812078] RDX: 0000000000010da4 RSI: ffffffff8155dbd6 RDI: ffffed100af3eefb
[  196.812086] RBP: ffff8880579f78d8 R08: ffff888057810140 R09: ffffed1015d25079
[  196.812098] R10: ffffed1015d25078 R11: ffff8880ae9283c7 R12: 00000000ffffffff
[  196.842408] kobject: 'loop4' (00000000a1012e3e): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  196.845531] R13: 0000000000000000 R14: 1ffff1100af3ef0a R15: ffff8880579f78b0
[  196.845572]  ? vprintk_func+0x86/0x189
[  196.845600]  ? refcount_sub_and_test_checked+0x1c5/0x1f0
[  196.845616]  ? refcount_inc_checked+0x70/0x70
[  196.940767]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  196.946451]  ? p9_fd_close+0x29e/0x570
16:24:25 executing program 3:
rt_sigprocmask(0x0, &(0x7f000003b000)={0xfffffffffffffffe}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f000002fff0), 0x0)
r0 = gettid()
tkill(r0, 0x15)

16:24:25 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$VIDIOC_SUBDEV_S_EDID(r1, 0xc0285629, &(0x7f0000000040)={0x0, 0x5, 0x200000000000000, [], &(0x7f0000000000)=0x1ff})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getpeername$inet6(r2, 0x0, 0x0)

16:24:25 executing program 3:
rt_sigprocmask(0x0, &(0x7f000003b000)={0xfffffffffffffffe}, 0x0, 0x8)
prlimit64(0x0, 0xb, &(0x7f000002fff0), 0x0)
tkill(0x0, 0x15)

[  196.950396]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  196.953736] kobject: 'loop3' (00000000993a32c3): kobject_uevent_env
[  196.955893]  ? lockdep_hardirqs_on+0x415/0x5d0
[  196.955922]  refcount_dec_and_test_checked+0x1b/0x20
[  196.955943]  p9_req_put+0x20/0x60
[  196.955962]  p9_fd_close+0x2ee/0x570
[  196.983105]  p9_client_create+0x98c/0x1400
[  196.988090] kobject: 'loop3' (00000000993a32c3): fill_kobj_path: path = '/devices/virtual/block/loop3'
16:24:25 executing program 4:
ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x7)

[  196.988732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  197.004679]  ? p9_client_zc_rpc.constprop.0+0x10b0/0x10b0
[  197.010731]  ? rcu_read_lock_sched_held+0x110/0x130
[  197.016226]  ? __lockdep_init_map+0x10c/0x5b0
[  197.021059]  ? lockdep_init_map+0x9/0x10
[  197.025776]  v9fs_session_init+0x1e7/0x18c0
[  197.030292]  ? v9fs_session_init+0x1e7/0x18c0
[  197.035117]  ? check_preemption_disabled+0x48/0x290
[  197.040336]  ? lock_downgrade+0x810/0x810
[  197.044827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  197.050570]  ? v9fs_show_options+0x7e0/0x7e0
[  197.055491]  ? v9fs_mount+0x5e/0x920
[  197.059330]  ? rcu_read_lock_sched_held+0x110/0x130
[  197.060329] kobject: 'nullb0' (00000000f014bf3d): kobject_uevent_env
[  197.064451]  ? kmem_cache_alloc_trace+0x348/0x760
[  197.064463]  ? free_pages+0x46/0x50
[  197.064486]  v9fs_mount+0x7d/0x920
[  197.064503]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  197.064522]  mount_fs+0xa8/0x31f
[  197.064542]  vfs_kern_mount.part.0+0x6f/0x410
[  197.064560]  do_mount+0x53e/0x2bc0
[  197.064581]  ? copy_mount_string+0x40/0x40
[  197.064601]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  197.064614]  ? copy_mount_options+0x280/0x3a0
[  197.064630]  ksys_mount+0xdb/0x150
[  197.064646]  __x64_sys_mount+0xbe/0x150
[  197.064662]  do_syscall_64+0xfd/0x620
[  197.064682]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  197.111606] kobject: 'nullb0' (00000000f014bf3d): fill_kobj_path: path = '/devices/virtual/block/nullb0'
[  197.112655] RIP: 0033:0x459a09
[  197.112670] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  197.112677] RSP: 002b:00007f4372e03c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  197.112692] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09
[  197.112701] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000
[  197.112709] RBP: 000000000075bfc8 R08: 0000000020000540 R09: 0000000000000000
[  197.112718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4372e046d4
[  197.112727] R13: 00000000004c5fa0 R14: 00000000004dac40 R15: 00000000ffffffff
[  197.122088] Kernel Offset: disabled
[  197.242232] Rebooting in 86400 seconds..