ing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:30 executing program 3:

09:22:30 executing program 0:

09:22:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(0xffffffffffffffff)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:31 executing program 5:

09:22:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:31 executing program 3:

09:22:31 executing program 4:

09:22:31 executing program 0:

09:22:31 executing program 5:

09:22:31 executing program 3:

09:22:31 executing program 0:

09:22:31 executing program 4:

09:22:31 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(0xffffffffffffffff)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:31 executing program 5:

09:22:31 executing program 3:

09:22:31 executing program 0:

09:22:31 executing program 5:

09:22:31 executing program 4:

09:22:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:31 executing program 0:

09:22:31 executing program 3:

09:22:31 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(0xffffffffffffffff)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 4:

09:22:32 executing program 5:

09:22:32 executing program 3:

09:22:32 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 0:

09:22:32 executing program 4:

09:22:32 executing program 3:

09:22:32 executing program 5:

09:22:32 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 0:

09:22:32 executing program 3:

09:22:32 executing program 5:

09:22:32 executing program 4:

09:22:32 executing program 0:

09:22:32 executing program 4:

09:22:32 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 5:

09:22:32 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:32 executing program 3:

09:22:33 executing program 0:

09:22:33 executing program 5:

09:22:33 executing program 4:

09:22:33 executing program 3:

09:22:33 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:33 executing program 0:

09:22:33 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:33 executing program 4:

09:22:33 executing program 5:

09:22:33 executing program 3:

09:22:33 executing program 0:

09:22:33 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:33 executing program 5:

09:22:33 executing program 4:

09:22:33 executing program 3:

09:22:33 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:33 executing program 0:

09:22:34 executing program 5:

09:22:34 executing program 4:

09:22:34 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:34 executing program 3:

09:22:34 executing program 0:

09:22:34 executing program 5:

09:22:34 executing program 4:

09:22:34 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:34 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:34 executing program 3:

09:22:34 executing program 0:

09:22:34 executing program 5:

09:22:34 executing program 4:

09:22:34 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:34 executing program 3:

09:22:34 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:34 executing program 0:

09:22:34 executing program 5:

09:22:34 executing program 4:

09:22:35 executing program 3:

09:22:35 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:35 executing program 4:

09:22:35 executing program 0:

09:22:35 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:35 executing program 5:

09:22:35 executing program 3:

09:22:35 executing program 0:

09:22:35 executing program 4:

09:22:35 executing program 3:

09:22:35 executing program 5:

09:22:35 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:35 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:35 executing program 0:

09:22:35 executing program 3:

09:22:35 executing program 4:

09:22:35 executing program 5:

09:22:35 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:36 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcc", 0xd90)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:36 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:36 executing program 4:

09:22:36 executing program 5:

09:22:36 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:36 executing program 4:

09:22:36 executing program 0:

09:22:36 executing program 5:
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:36 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
time(0x0)

09:22:36 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)

09:22:36 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(0xffffffffffffffff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

[  324.682038][   T27] kauditd_printk_skb: 2 callbacks suppressed
[  324.682058][   T27] audit: type=1326 audit(1582276956.784:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9320 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  324.770272][   T27] audit: type=1326 audit(1582276956.814:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9317 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:37 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcc", 0xd90)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:37 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:37 executing program 5:
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:37 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:37 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:37 executing program 5:
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

[  325.416054][   T27] audit: type=1326 audit(1582276957.514:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9317 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  325.471013][   T27] audit: type=1326 audit(1582276957.574:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9320 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:37 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:37 executing program 4:
mlockall(0x1)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)

09:22:37 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc)
dup2(r0, r1)

09:22:37 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)

09:22:37 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:38 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

[  325.970525][   T27] audit: type=1326 audit(1582276958.074:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9372 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:38 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcc", 0xd90)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:38 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')

09:22:38 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:38 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:38 executing program 4:
mlockall(0x1)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)

[  326.662147][   T27] audit: type=1326 audit(1582276958.764:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9392 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  326.763708][   T27] audit: type=1326 audit(1582276958.864:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9372 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:38 executing program 5:
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2, 0x1}, 0xc)
futex(0x0, 0x81, 0x0, 0x0, &(0x7f0000000440), 0x1)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xfffffe38)
open$dir(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x0)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:39 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:39 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:39 executing program 5:
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2, 0x1}, 0xc)
futex(0x0, 0x81, 0x0, 0x0, &(0x7f0000000440), 0x1)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xfffffe38)
open$dir(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x0)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:39 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:39 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

[  327.462481][   T27] audit: type=1326 audit(1582276959.564:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9392 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:39 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
setreuid(0xee00, 0x0)

[  327.771412][   T27] audit: type=1326 audit(1582276959.874:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9441 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:40 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcc", 0xd90)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:40 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')

09:22:40 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:40 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
capget(&(0x7f0000000000)={0x19980330}, 0x0)

09:22:40 executing program 1:
r0 = getpid()
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
process_vm_readv(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  327.985878][   T27] audit: type=1326 audit(1582276960.084:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9450 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  328.029914][ T9457] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use)
09:22:40 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:40 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r2)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:40 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:40 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
readv(r0, 0x0, 0x0)

09:22:40 executing program 3:
getpid()
socket$inet6(0xa, 0x1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ttyS3\x00', 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
capset(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0xfffffff9})
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:40 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:40 executing program 0:
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2, 0x1}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x81, 0x0, 0x0, &(0x7f0000000440), 0x1)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0)
write$cgroup_pid(r0, &(0x7f0000000080), 0xfffffe38)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x101000, 0x0)
fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x6)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x2, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x2, r2, 0x2)
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r3 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r3, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:40 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
capget(&(0x7f0000000000)={0x19980330}, 0x0)

09:22:41 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0)

09:22:41 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, 0xffffffffffffffff)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, 0x0, &(0x7f0000000100))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:41 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:41 executing program 0:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x1)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x6)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x0, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x2, r0, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r1 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r1, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:41 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:41 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x7, 0x4}]}}}}}}, 0x0)

09:22:41 executing program 0:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x1)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x6)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x0, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x2, r0, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r1 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r1, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:41 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
readv(r0, 0x0, 0x0)

09:22:41 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:41 executing program 0:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x2}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x1)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x6)
set_tid_address(0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x0, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x2, r0, 0x0)
open(0x0, 0x10002, 0x12c)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r1 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r1, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:41 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndtimer(&(0x7f0000000200)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000480)={{}, 0x0, 0x0, 'id1\x00', 'timer1\x00'})

[  329.820374][   T27] kauditd_printk_skb: 8 callbacks suppressed
[  329.820395][   T27] audit: type=1326 audit(1582276961.924:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9552 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:42 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='cgroup\x00', 0x0, 0x0)
getxattr(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000600)=ANY=[@ANYBLOB='o'], 0x0, 0x0)

09:22:42 executing program 0:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:42 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, 0xffffffffffffffff)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, 0x0, &(0x7f0000000100))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:42 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

09:22:42 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndtimer(&(0x7f0000000200)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000480)={{}, 0x0, 0x0, 'id1\x00', 'timer1\x00'})

09:22:42 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, 0xffffffffffffffff)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, 0x0, &(0x7f0000000100))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:42 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x7, 0x4}]}}}}}}, 0x0)

09:22:42 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:42 executing program 5:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
pipe2(&(0x7f0000000100), 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/200, 0xc8)
socket$inet6(0xa, 0x802, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000300)="2c16698dc2809411d7413c7fe22ca7725b12abfc0d4809651ba9336f6f9c11b57b828a346f8b45fc998817dbad8da8bdd26973f43c53439ad29a8f58b8b0620fd5a0e06d4e18719a82090ef4940773dbcaafb9c9d4362258e31c790954ba103d1fb70390f243d22879c40104e7c77ea9d47e5fb88823c12cbac2d9fdd07a1de5732d228c0dd00e35f8e92d1d76f98a091c9cd4187ab7ed28e70232e5171e57ee00c641129dad573cd18e245dce2e619e6e20a34a5203f78a3ce4e87b821550e40d2c62973bd7b50996896c7b2028eb71225c42e2da09bb43de651749c7efbcfe6f1d4315fed4d6fda612959fd8fb133c7f73e14bf1403f7e5b087dfab6aa3399")
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600), 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, 0x0)

09:22:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:42 executing program 0:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  330.769020][   T27] audit: type=1804 audit(1582276962.874:64): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/60/file0/bus" dev="loop2" ino=25 res=1
[  330.805596][ T9599] attempt to access beyond end of device
[  330.816705][ T9599] loop2: rw=2049, want=78, limit=63
[  330.841401][   T27] audit: type=1804 audit(1582276962.904:65): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/60/file0/bus" dev="loop2" ino=25 res=1
[  330.851500][ T9599] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:22:43 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, 0xffffffffffffffff)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, 0x0, &(0x7f0000000100))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  330.934089][   T27] audit: type=1804 audit(1582276962.904:66): pid=9599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/60/file0/bus" dev="loop2" ino=25 res=1
[  330.975053][ T9597] attempt to access beyond end of device
[  331.003462][ T9597] loop2: rw=0, want=78, limit=63
[  331.047102][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.058933][ T9597] attempt to access beyond end of device
[  331.067509][ T9597] loop2: rw=0, want=78, limit=63
[  331.076867][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
09:22:43 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  331.096213][ T9597] attempt to access beyond end of device
[  331.113260][ T9597] loop2: rw=0, want=78, limit=63
09:22:43 executing program 4:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  331.157654][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.189030][ T9597] attempt to access beyond end of device
[  331.205664][ T9597] loop2: rw=0, want=78, limit=63
[  331.232492][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.253514][ T9597] attempt to access beyond end of device
[  331.265058][ T9597] loop2: rw=0, want=78, limit=63
[  331.275860][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.297065][ T9597] attempt to access beyond end of device
[  331.303726][ T9597] loop2: rw=0, want=78, limit=63
[  331.310718][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.319250][ T9597] attempt to access beyond end of device
[  331.325058][ T9597] loop2: rw=0, want=78, limit=63
[  331.330608][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.339115][ T9597] attempt to access beyond end of device
[  331.344941][ T9597] loop2: rw=0, want=78, limit=63
[  331.351433][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.360721][ T9597] attempt to access beyond end of device
[  331.366529][ T9597] loop2: rw=0, want=78, limit=63
[  331.372121][ T9597] Buffer I/O error on dev loop2, logical block 77, async page read
[  331.387903][ T9597] attempt to access beyond end of device
[  331.400893][ T9597] loop2: rw=0, want=78, limit=63
[  331.412232][ T9597] attempt to access beyond end of device
[  331.424644][ T9597] loop2: rw=0, want=78, limit=63
[  331.437934][ T9597] attempt to access beyond end of device
[  331.454455][ T9597] loop2: rw=0, want=78, limit=63
[  331.465961][ T9597] attempt to access beyond end of device
[  331.477913][ T9597] loop2: rw=0, want=78, limit=63
[  331.489195][ T9597] attempt to access beyond end of device
[  331.497812][ T9597] loop2: rw=0, want=78, limit=63
[  331.502924][ T9597] attempt to access beyond end of device
[  331.532566][ T9597] loop2: rw=0, want=78, limit=63
[  331.554617][ T9597] attempt to access beyond end of device
[  331.565190][ T9597] loop2: rw=0, want=78, limit=63
[  331.572745][ T9597] attempt to access beyond end of device
[  331.578497][ T9597] loop2: rw=0, want=78, limit=63
[  331.583641][ T9597] attempt to access beyond end of device
[  331.592612][ T9597] loop2: rw=0, want=78, limit=63
[  331.597665][ T9597] attempt to access beyond end of device
[  331.603579][ T9597] loop2: rw=0, want=78, limit=63
[  331.614806][ T9597] attempt to access beyond end of device
[  331.620543][ T9597] loop2: rw=0, want=78, limit=63
[  331.627885][ T9597] attempt to access beyond end of device
[  331.633607][ T9597] loop2: rw=0, want=78, limit=63
[  331.641635][ T9597] attempt to access beyond end of device
[  331.647419][ T9597] loop2: rw=0, want=78, limit=63
[  331.652535][ T9597] attempt to access beyond end of device
[  331.661107][ T9597] loop2: rw=0, want=78, limit=63
[  331.666163][ T9597] attempt to access beyond end of device
[  331.672539][ T9597] loop2: rw=0, want=78, limit=63
[  331.677598][ T9597] attempt to access beyond end of device
[  331.686560][ T9597] loop2: rw=0, want=78, limit=63
[  331.691703][ T9597] attempt to access beyond end of device
[  331.697455][ T9597] loop2: rw=0, want=78, limit=63
09:22:43 executing program 0:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  331.705700][ T9597] attempt to access beyond end of device
[  331.711589][ T9597] loop2: rw=0, want=78, limit=63
[  331.716641][ T9597] attempt to access beyond end of device
[  331.724875][ T9597] loop2: rw=0, want=78, limit=63
[  331.729974][ T9597] attempt to access beyond end of device
[  331.735684][ T9597] loop2: rw=0, want=78, limit=63
[  331.750257][ T9597] attempt to access beyond end of device
[  331.760406][ T9597] loop2: rw=0, want=78, limit=63
[  331.772748][ T9599] attempt to access beyond end of device
[  331.784447][ T9599] loop2: rw=0, want=78, limit=63
[  331.795825][ T9599] attempt to access beyond end of device
[  331.805025][ T9599] loop2: rw=0, want=78, limit=63
09:22:43 executing program 3:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  331.833175][ T9599] attempt to access beyond end of device
[  331.850972][ T9599] loop2: rw=0, want=78, limit=63
[  331.864825][ T9599] attempt to access beyond end of device
[  331.883828][ T9599] loop2: rw=0, want=78, limit=63
[  331.904658][ T9597] attempt to access beyond end of device
[  331.923366][ T9597] loop2: rw=0, want=78, limit=63
[  331.943792][ T9597] attempt to access beyond end of device
[  331.962388][ T9597] loop2: rw=0, want=78, limit=63
[  331.973987][ T9599] attempt to access beyond end of device
[  331.982062][ T9599] loop2: rw=0, want=78, limit=63
[  331.991660][ T9599] attempt to access beyond end of device
[  332.027686][ T9599] loop2: rw=0, want=78, limit=63
[  332.036377][ T9597] attempt to access beyond end of device
[  332.062389][ T9597] loop2: rw=0, want=78, limit=63
[  332.067404][ T9597] attempt to access beyond end of device
09:22:44 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  332.078299][ T9597] loop2: rw=0, want=78, limit=63
[  332.088249][ T9611] attempt to access beyond end of device
[  332.094836][ T9611] loop2: rw=0, want=78, limit=63
[  332.101120][ T9599] attempt to access beyond end of device
[  332.107067][ T9599] loop2: rw=0, want=78, limit=63
[  332.112804][ T9611] attempt to access beyond end of device
[  332.118647][ T9611] loop2: rw=0, want=78, limit=63
[  332.123901][ T9597] attempt to access beyond end of device
[  332.129743][ T9597] loop2: rw=0, want=78, limit=63
[  332.134848][ T9599] attempt to access beyond end of device
[  332.141129][ T9599] loop2: rw=0, want=78, limit=63
[  332.146467][ T9611] attempt to access beyond end of device
[  332.152695][ T9611] loop2: rw=0, want=78, limit=63
[  332.157890][ T9597] attempt to access beyond end of device
[  332.163633][ T9597] loop2: rw=0, want=78, limit=63
[  332.168943][ T9611] attempt to access beyond end of device
[  332.175146][ T9611] loop2: rw=0, want=78, limit=63
[  332.180634][ T9599] attempt to access beyond end of device
[  332.186705][ T9599] loop2: rw=0, want=78, limit=63
[  332.195179][ T9597] attempt to access beyond end of device
[  332.207381][ T9597] loop2: rw=0, want=78, limit=63
[  332.221975][ T9599] attempt to access beyond end of device
09:22:44 executing program 4:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894"], 0x1)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)
r3 = accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x0)
write(r7, &(0x7f0000000340), 0x41395527)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r10, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r11 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  332.237667][ T9599] loop2: rw=0, want=78, limit=63
[  332.254219][ T9597] attempt to access beyond end of device
[  332.267373][ T9597] loop2: rw=0, want=78, limit=63
[  332.281391][ T9599] attempt to access beyond end of device
[  332.293632][ T9599] loop2: rw=0, want=78, limit=63
[  332.305007][ T9597] attempt to access beyond end of device
[  332.317176][ T9597] loop2: rw=0, want=78, limit=63
[  332.327666][ T9599] attempt to access beyond end of device
[  332.340158][ T9599] loop2: rw=0, want=78, limit=63
[  332.350723][ T9597] attempt to access beyond end of device
[  332.362933][ T9597] loop2: rw=0, want=78, limit=63
[  332.373437][ T9597] attempt to access beyond end of device
[  332.385707][ T9597] loop2: rw=0, want=78, limit=63
[  332.396601][ T9597] attempt to access beyond end of device
[  332.410505][ T9597] loop2: rw=0, want=78, limit=63
[  332.421916][ T9597] attempt to access beyond end of device
[  332.437208][ T9597] loop2: rw=0, want=78, limit=63
09:22:44 executing program 5:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
pipe2(&(0x7f0000000100), 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/200, 0xc8)
socket$inet6(0xa, 0x802, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000300)="2c16698dc2809411d7413c7fe22ca7725b12abfc0d4809651ba9336f6f9c11b57b828a346f8b45fc998817dbad8da8bdd26973f43c53439ad29a8f58b8b0620fd5a0e06d4e18719a82090ef4940773dbcaafb9c9d4362258e31c790954ba103d1fb70390f243d22879c40104e7c77ea9d47e5fb88823c12cbac2d9fdd07a1de5732d228c0dd00e35f8e92d1d76f98a091c9cd4187ab7ed28e70232e5171e57ee00c641129dad573cd18e245dce2e619e6e20a34a5203f78a3ce4e87b821550e40d2c62973bd7b50996896c7b2028eb71225c42e2da09bb43de651749c7efbcfe6f1d4315fed4d6fda612959fd8fb133c7f73e14bf1403f7e5b087dfab6aa3399")
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600), 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, 0x0)

[  332.450802][ T9597] attempt to access beyond end of device
[  332.462577][ T9597] loop2: rw=0, want=78, limit=63
[  332.482527][ T9597] attempt to access beyond end of device
[  332.495755][ T9597] loop2: rw=0, want=78, limit=63
[  332.507223][ T9597] attempt to access beyond end of device
[  332.520602][ T9597] loop2: rw=0, want=78, limit=63
[  332.532055][ T9597] attempt to access beyond end of device
[  332.544112][ T9597] loop2: rw=0, want=78, limit=63
[  332.555059][ T9597] attempt to access beyond end of device
[  332.568011][ T9597] loop2: rw=0, want=78, limit=63
[  332.578817][ T9597] attempt to access beyond end of device
[  332.590846][ T9597] loop2: rw=0, want=78, limit=63
[  332.601540][ T9597] attempt to access beyond end of device
[  332.613854][ T9597] loop2: rw=0, want=78, limit=63
[  332.624871][ T9597] attempt to access beyond end of device
[  332.638006][ T9597] loop2: rw=0, want=78, limit=63
[  332.648879][ T9597] attempt to access beyond end of device
[  332.658107][ T9597] loop2: rw=0, want=78, limit=63
09:22:44 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
pipe2(&(0x7f0000000100), 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/200, 0xc8)
socket$inet6(0xa, 0x802, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000300)="2c16698dc2809411d7413c7fe22ca7725b12abfc0d4809651ba9336f6f9c11b57b828a346f8b45fc998817dbad8da8bdd26973f43c53439ad29a8f58b8b0620fd5a0e06d4e18719a82090ef4940773dbcaafb9c9d4362258e31c790954ba103d1fb70390f243d22879c40104e7c77ea9d47e5fb88823c12cbac2d9fdd07a1de5732d228c0dd00e35f8e92d1d76f98a091c9cd4187ab7ed28e70232e5171e57ee00c641129dad573cd18e245dce2e619e6e20a34a5203f78a3ce4e87b821550e40d2c62973bd7b50996896c7b2028eb71225c42e2da09bb43de651749c7efbcfe6f1d4315fed4d6fda612959fd8fb133c7f73e14bf1403f7e5b087dfab6aa3399")
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600), 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, 0x0)

[  332.668387][ T9597] attempt to access beyond end of device
[  332.686713][ T9597] loop2: rw=0, want=78, limit=63
[  332.703232][ T9597] attempt to access beyond end of device
09:22:44 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
pipe2(&(0x7f0000000100), 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/200, 0xc8)
socket$inet6(0xa, 0x802, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000300)="2c16698dc2809411d7413c7fe22ca7725b12abfc0d4809651ba9336f6f9c11b57b828a346f8b45fc998817dbad8da8bdd26973f43c53439ad29a8f58b8b0620fd5a0e06d4e18719a82090ef4940773dbcaafb9c9d4362258e31c790954ba103d1fb70390f243d22879c40104e7c77ea9d47e5fb88823c12cbac2d9fdd07a1de5732d228c0dd00e35f8e92d1d76f98a091c9cd4187ab7ed28e70232e5171e57ee00c641129dad573cd18e245dce2e619e6e20a34a5203f78a3ce4e87b821550e40d2c62973bd7b50996896c7b2028eb71225c42e2da09bb43de651749c7efbcfe6f1d4315fed4d6fda612959fd8fb133c7f73e14bf1403f7e5b087dfab6aa3399")
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600), 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, 0x0)

[  332.722409][ T9597] loop2: rw=0, want=78, limit=63
[  332.735011][ T9597] attempt to access beyond end of device
[  332.777775][ T9597] loop2: rw=0, want=78, limit=63
[  332.782882][ T9597] attempt to access beyond end of device
[  332.823264][ T9597] loop2: rw=0, want=78, limit=63
09:22:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:45 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  333.334475][   T27] audit: type=1804 audit(1582276965.434:67): pid=9687 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/61/file0/bus" dev="sda1" ino=16522 res=1
[  333.495980][   T27] audit: type=1804 audit(1582276965.444:68): pid=9687 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/61/file0/bus" dev="sda1" ino=16522 res=1
09:22:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  333.750691][ T9689] attempt to access beyond end of device
[  333.759881][   T27] audit: type=1804 audit(1582276965.444:69): pid=9687 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/61/file0/bus" dev="sda1" ino=16522 res=1
[  333.787912][ T9689] loop4: rw=2049, want=78, limit=63
09:22:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  333.811130][ T9688] attempt to access beyond end of device
[  333.820016][ T9688] loop4: rw=0, want=78, limit=63
[  333.825146][   T27] audit: type=1804 audit(1582276965.824:70): pid=9689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir668786558/syzkaller.IIQBfL/63/file0/bus" dev="loop4" ino=26 res=1
[  333.851239][ T9688] attempt to access beyond end of device
[  333.863861][ T9688] loop4: rw=0, want=78, limit=63
[  333.872982][ T9688] attempt to access beyond end of device
[  333.886009][ T9688] loop4: rw=0, want=78, limit=63
[  333.891307][   T27] audit: type=1804 audit(1582276965.834:71): pid=9689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir668786558/syzkaller.IIQBfL/63/file0/bus" dev="loop4" ino=26 res=1
[  333.915904][ T9688] attempt to access beyond end of device
[  333.936402][ T9688] loop4: rw=0, want=78, limit=63
[  333.951593][ T9688] attempt to access beyond end of device
[  333.967348][ T9688] loop4: rw=0, want=78, limit=63
[  333.978175][ T9688] attempt to access beyond end of device
[  333.986155][   T27] audit: type=1804 audit(1582276965.844:72): pid=9689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir668786558/syzkaller.IIQBfL/63/file0/bus" dev="loop4" ino=26 res=1
[  334.015137][ T9688] loop4: rw=0, want=78, limit=63
[  334.020503][ T9688] attempt to access beyond end of device
[  334.026324][ T9688] loop4: rw=0, want=78, limit=63
[  334.033758][ T9688] attempt to access beyond end of device
[  334.051891][ T9688] loop4: rw=0, want=78, limit=63
[  334.066505][ T9688] attempt to access beyond end of device
[  334.073341][ T9688] loop4: rw=0, want=78, limit=63
[  334.078591][ T9688] attempt to access beyond end of device
[  334.084544][ T9688] loop4: rw=0, want=78, limit=63
[  334.089819][ T9688] attempt to access beyond end of device
[  334.096499][ T9688] loop4: rw=0, want=78, limit=63
[  334.106583][ T9688] attempt to access beyond end of device
[  334.115736][ T9688] loop4: rw=0, want=78, limit=63
[  334.121049][ T9688] attempt to access beyond end of device
[  334.126923][ T9688] loop4: rw=0, want=78, limit=63
[  334.132224][ T9688] attempt to access beyond end of device
[  334.138183][ T9688] loop4: rw=0, want=78, limit=63
[  334.143381][ T9688] attempt to access beyond end of device
[  334.149253][ T9688] loop4: rw=0, want=78, limit=63
[  334.154349][ T9688] attempt to access beyond end of device
[  334.160339][ T9688] loop4: rw=0, want=78, limit=63
[  334.165524][ T9688] attempt to access beyond end of device
[  334.172301][ T9688] loop4: rw=0, want=78, limit=63
[  334.177516][ T9688] attempt to access beyond end of device
[  334.183840][ T9688] loop4: rw=0, want=78, limit=63
[  334.189090][ T9688] attempt to access beyond end of device
[  334.194825][ T9688] loop4: rw=0, want=78, limit=63
[  334.200136][ T9688] attempt to access beyond end of device
[  334.205948][ T9688] loop4: rw=0, want=78, limit=63
[  334.211335][ T9689] attempt to access beyond end of device
09:22:46 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
flistxattr(0xffffffffffffffff, 0x0, 0x0)

[  334.217209][ T9689] loop4: rw=0, want=78, limit=63
[  334.222593][ T9689] attempt to access beyond end of device
[  334.228539][ T9689] loop4: rw=0, want=78, limit=63
[  334.233780][ T9689] attempt to access beyond end of device
[  334.239687][ T9689] loop4: rw=0, want=78, limit=63
[  334.244901][ T9689] attempt to access beyond end of device
[  334.250786][ T9689] loop4: rw=0, want=78, limit=63
[  334.305469][ T9704] attempt to access beyond end of device
[  334.325651][ T9704] loop2: rw=2049, want=78, limit=63
[  334.383255][ T9703] attempt to access beyond end of device
[  334.394685][ T9703] loop2: rw=0, want=78, limit=63
[  334.410993][ T9703] attempt to access beyond end of device
[  334.428898][ T9703] loop2: rw=0, want=78, limit=63
[  334.445030][ T9703] attempt to access beyond end of device
[  334.461611][ T9703] loop2: rw=0, want=78, limit=63
[  334.479411][ T9703] attempt to access beyond end of device
[  334.497350][ T9703] loop2: rw=0, want=78, limit=63
[  334.513898][ T9703] attempt to access beyond end of device
09:22:46 executing program 5:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)

09:22:46 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

[  334.531833][ T9703] loop2: rw=0, want=78, limit=63
[  334.546838][ T9703] attempt to access beyond end of device
[  334.566080][ T9703] loop2: rw=0, want=78, limit=63
09:22:46 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  334.597464][ T9703] attempt to access beyond end of device
[  334.620242][ T9703] loop2: rw=0, want=78, limit=63
[  334.643308][ T9703] attempt to access beyond end of device
[  334.651170][ T9703] loop2: rw=0, want=78, limit=63
[  334.660913][ T9703] attempt to access beyond end of device
[  334.686071][ T9703] loop2: rw=0, want=78, limit=63
[  334.701121][ T9703] attempt to access beyond end of device
[  334.717954][ T9703] loop2: rw=0, want=78, limit=63
[  334.735484][ T9703] attempt to access beyond end of device
[  334.775707][ T9703] loop2: rw=0, want=78, limit=63
[  334.800039][ T9703] attempt to access beyond end of device
[  334.828069][ T9703] loop2: rw=0, want=78, limit=63
09:22:47 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  334.849696][ T9703] attempt to access beyond end of device
[  334.860562][ T9703] loop2: rw=0, want=78, limit=63
[  334.875659][ T9703] attempt to access beyond end of device
[  334.891481][ T9703] loop2: rw=0, want=78, limit=63
[  334.920466][ T9703] attempt to access beyond end of device
[  334.926207][ T9703] loop2: rw=0, want=78, limit=63
[  334.947808][ T9703] attempt to access beyond end of device
[  334.953490][ T9703] loop2: rw=0, want=78, limit=63
[  334.991091][ T9703] attempt to access beyond end of device
[  334.996760][ T9703] loop2: rw=0, want=78, limit=63
[  335.017823][ T9703] attempt to access beyond end of device
[  335.023493][ T9703] loop2: rw=0, want=78, limit=63
[  335.047944][ T9703] attempt to access beyond end of device
[  335.053788][ T9703] loop2: rw=0, want=78, limit=63
[  335.065552][ T9703] attempt to access beyond end of device
[  335.078195][ T9703] loop2: rw=0, want=78, limit=63
09:22:47 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
pipe2(&(0x7f0000000100), 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/200, 0xc8)
socket$inet6(0xa, 0x802, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000300)="2c16698dc2809411d7413c7fe22ca7725b12abfc0d4809651ba9336f6f9c11b57b828a346f8b45fc998817dbad8da8bdd26973f43c53439ad29a8f58b8b0620fd5a0e06d4e18719a82090ef4940773dbcaafb9c9d4362258e31c790954ba103d1fb70390f243d22879c40104e7c77ea9d47e5fb88823c12cbac2d9fdd07a1de5732d228c0dd00e35f8e92d1d76f98a091c9cd4187ab7ed28e70232e5171e57ee00c641129dad573cd18e245dce2e619e6e20a34a5203f78a3ce4e87b821550e40d2c62973bd7b50996896c7b2028eb71225c42e2da09bb43de651749c7efbcfe6f1d4315fed4d6fda612959fd8fb133c7f73e14bf1403f7e5b087dfab6aa3399")
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000600), 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, 0x0)

[  335.096908][ T9704] attempt to access beyond end of device
[  335.115151][ T9704] loop2: rw=0, want=78, limit=63
[  335.147184][ T9704] attempt to access beyond end of device
[  335.157885][ T9704] loop2: rw=0, want=78, limit=63
[  335.162892][ T9704] attempt to access beyond end of device
09:22:47 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  335.207878][ T9704] loop2: rw=0, want=78, limit=63
[  335.220749][ T9704] attempt to access beyond end of device
[  335.243108][ T9704] loop2: rw=0, want=78, limit=63
09:22:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup3(r8, r7, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  335.359856][   T27] kauditd_printk_skb: 7 callbacks suppressed
[  335.359954][   T27] audit: type=1326 audit(1582276967.464:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9717 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:47 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
waitid(0x0, 0x0, 0x0, 0x0, 0x0)

09:22:47 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  335.651355][   T27] audit: type=1326 audit(1582276967.754:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9757 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  335.789980][   T27] audit: type=1804 audit(1582276967.894:82): pid=9756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/63/file0/bus" dev="sda1" ino=16734 res=1
09:22:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r8, r7, 0x0)

[  335.835969][   T27] audit: type=1804 audit(1582276967.924:83): pid=9756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/63/file0/bus" dev="sda1" ino=16734 res=1
[  335.894767][   T27] audit: type=1804 audit(1582276967.924:84): pid=9756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/63/file0/bus" dev="sda1" ino=16734 res=1
09:22:48 executing program 5:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='cgroup\x00', 0x0, 0x0)
getxattr(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000600)=ANY=[@ANYBLOB='o'], 0x0, 0x0)

[  336.255018][   T27] audit: type=1804 audit(1582276968.354:85): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/64/file0/bus" dev="loop2" ino=29 res=1
[  336.372502][   T27] audit: type=1804 audit(1582276968.424:86): pid=9784 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/64/file0/bus" dev="loop2" ino=29 res=1
09:22:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r8, r7, 0x0)

09:22:48 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r3, 0xffffffffffffffff)
r4 = accept4$inet6(r3, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r5 = getpid()
sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r6, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
fcntl$setpipe(r8, 0x407, 0x0)
write(r8, &(0x7f0000000340), 0x41395527)
vmsplice(r7, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r10 = socket$inet6(0xa, 0x3, 0x2)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r11, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r12 = dup(0xffffffffffffffff)
write$cgroup_int(r12, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r12, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r10, 0x0, 0x482, &(0x7f00000014c0)=""/205, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r10, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r9, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r9, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  336.467796][   T27] audit: type=1804 audit(1582276968.424:87): pid=9778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/64/file0/bus" dev="loop2" ino=29 res=1
[  336.554060][   T27] audit: type=1326 audit(1582276968.544:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9757 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:22:48 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:48 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:48 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc)

09:22:48 executing program 3:
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

[  336.825750][   T27] audit: type=1804 audit(1582276968.924:89): pid=9791 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/65/file0/bus" dev="sda1" ino=16698 res=1
09:22:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r8, r7, 0x0)

09:22:49 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pause()

09:22:49 executing program 3:
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  337.174753][ T9818] attempt to access beyond end of device
[  337.187432][ T9818] loop2: rw=2049, want=78, limit=63
[  337.193060][ T9818] buffer_io_error: 113 callbacks suppressed
[  337.193074][ T9818] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:22:49 executing program 3:
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

09:22:49 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)

[  337.535878][ T9833] attempt to access beyond end of device
09:22:49 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  337.607709][ T9833] loop2: rw=2049, want=78, limit=63
[  337.614513][ T9833] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  337.646553][ T9830] attempt to access beyond end of device
[  337.657917][ T9830] loop2: rw=0, want=78, limit=63
[  337.682138][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
09:22:49 executing program 3:
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1}, 0xc)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, &(0x7f0000000180)='y\x00', 0x2, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x39, 0x4023, 0x11})
r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl(r0, 0xffffffffffffffb2, &(0x7f0000000000))

[  337.780599][ T9830] attempt to access beyond end of device
[  337.787780][ T9830] loop2: rw=0, want=78, limit=63
[  337.809372][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  337.896261][ T9830] attempt to access beyond end of device
[  337.947066][ T9830] loop2: rw=0, want=78, limit=63
[  337.979491][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.026127][ T9830] attempt to access beyond end of device
[  338.054915][ T9830] loop2: rw=0, want=78, limit=63
[  338.074241][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.126616][ T9830] attempt to access beyond end of device
[  338.144455][ T9830] loop2: rw=0, want=78, limit=63
[  338.167686][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.210843][ T9830] attempt to access beyond end of device
[  338.216523][ T9830] loop2: rw=0, want=78, limit=63
[  338.240600][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.248639][ T9830] attempt to access beyond end of device
[  338.254280][ T9830] loop2: rw=0, want=78, limit=63
[  338.267814][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.279184][ T9830] attempt to access beyond end of device
[  338.290769][ T9830] loop2: rw=0, want=78, limit=63
[  338.303124][ T9830] Buffer I/O error on dev loop2, logical block 77, async page read
[  338.320108][ T9830] attempt to access beyond end of device
[  338.331492][ T9830] loop2: rw=0, want=78, limit=63
[  338.343377][ T9830] attempt to access beyond end of device
[  338.354733][ T9830] loop2: rw=0, want=78, limit=63
09:22:50 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = dup3(r1, r0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r5, 0xc02c5341, 0x0)

09:22:50 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:50 executing program 3:
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000240)={[], [], 0x2})

[  338.367461][ T9830] attempt to access beyond end of device
[  338.382270][ T9830] loop2: rw=0, want=78, limit=63
[  338.393598][ T9830] attempt to access beyond end of device
[  338.408224][ T9830] loop2: rw=0, want=78, limit=63
[  338.419973][ T9830] attempt to access beyond end of device
[  338.430080][ T9830] loop2: rw=0, want=78, limit=63
[  338.455214][ T9830] attempt to access beyond end of device
[  338.463658][ T9862] overlayfs: unrecognized mount option "" or missing value
09:22:50 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

[  338.473763][ T9830] loop2: rw=0, want=78, limit=63
[  338.478848][ T9830] attempt to access beyond end of device
[  338.495700][ T9830] loop2: rw=0, want=78, limit=63
09:22:50 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  338.523329][ T9830] attempt to access beyond end of device
09:22:50 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  338.546708][ T9830] loop2: rw=0, want=78, limit=63
09:22:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r4, r3)
r5 = accept4$inet6(r4, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x0, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
fcntl$F_GET_RW_HINT(r9, 0x40b, &(0x7f0000000300))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r12 = dup(0xffffffffffffffff)
write$uinput_user_dev(r12, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001]}, 0x45c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  338.577901][ T9830] attempt to access beyond end of device
[  338.613868][ T9830] loop2: rw=0, want=78, limit=63
[  338.630332][ T9830] attempt to access beyond end of device
[  338.651810][ T9830] loop2: rw=0, want=78, limit=63
[  338.666557][ T9830] attempt to access beyond end of device
[  338.698119][ T9830] loop2: rw=0, want=78, limit=63
[  338.715398][ T9830] attempt to access beyond end of device
[  338.733566][ T9830] loop2: rw=0, want=78, limit=63
09:22:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  339.123243][ T9896] attempt to access beyond end of device
[  339.147201][ T9896] loop2: rw=2049, want=78, limit=63
[  339.180815][ T9893] attempt to access beyond end of device
[  339.203812][ T9893] loop2: rw=0, want=78, limit=63
[  339.238738][ T9893] attempt to access beyond end of device
[  339.255132][ T9893] loop2: rw=0, want=78, limit=63
[  339.266467][ T9893] attempt to access beyond end of device
[  339.286778][ T9893] loop2: rw=0, want=78, limit=63
[  339.291867][ T9893] attempt to access beyond end of device
[  339.297548][ T9893] loop2: rw=0, want=78, limit=63
[  339.302646][ T9893] attempt to access beyond end of device
[  339.308425][ T9893] loop2: rw=0, want=78, limit=63
[  339.313439][ T9893] attempt to access beyond end of device
[  339.320100][ T9893] loop2: rw=0, want=78, limit=63
[  339.325341][ T9893] attempt to access beyond end of device
[  339.331083][ T9893] loop2: rw=0, want=78, limit=63
[  339.336232][ T9893] attempt to access beyond end of device
[  339.341954][ T9893] loop2: rw=0, want=78, limit=63
[  339.347018][ T9893] attempt to access beyond end of device
[  339.352814][ T9893] loop2: rw=0, want=78, limit=63
[  339.358057][ T9893] attempt to access beyond end of device
[  339.363771][ T9893] loop2: rw=0, want=78, limit=63
[  339.369011][ T9893] attempt to access beyond end of device
[  339.375902][ T9893] loop2: rw=0, want=78, limit=63
[  339.390275][ T9893] attempt to access beyond end of device
[  339.402251][ T9893] loop2: rw=0, want=78, limit=63
[  339.412496][ T9893] attempt to access beyond end of device
[  339.420955][ T9893] loop2: rw=0, want=78, limit=63
[  339.426104][ T9893] attempt to access beyond end of device
[  339.432782][ T9893] loop2: rw=0, want=78, limit=63
[  339.437968][ T9893] attempt to access beyond end of device
[  339.443772][ T9893] loop2: rw=0, want=78, limit=63
[  339.452297][ T9893] attempt to access beyond end of device
[  339.458124][ T9893] loop2: rw=0, want=78, limit=63
[  339.463451][ T9893] attempt to access beyond end of device
[  339.473046][ T9893] loop2: rw=0, want=78, limit=63
[  339.478259][ T9893] attempt to access beyond end of device
[  339.483999][ T9893] loop2: rw=0, want=78, limit=63
09:22:51 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  339.498727][ T9893] attempt to access beyond end of device
[  339.515973][ T9893] loop2: rw=0, want=78, limit=63
[  339.534880][ T9893] attempt to access beyond end of device
[  339.555159][ T9893] loop2: rw=0, want=78, limit=63
09:22:51 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r4, r3)
r5 = accept4$inet6(r4, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x0, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
fcntl$F_GET_RW_HINT(r9, 0x40b, &(0x7f0000000300))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r12 = dup(0xffffffffffffffff)
write$uinput_user_dev(r12, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001]}, 0x45c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:51 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:52 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  340.333765][ T9937] attempt to access beyond end of device
[  340.373945][ T9937] loop2: rw=2049, want=78, limit=63
[  340.382899][ T9936] attempt to access beyond end of device
[  340.397802][ T9936] loop2: rw=0, want=78, limit=63
[  340.411114][ T9936] attempt to access beyond end of device
09:22:52 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:52 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

[  340.427760][ T9936] loop2: rw=0, want=78, limit=63
[  340.447307][ T9936] attempt to access beyond end of device
09:22:52 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  340.495540][ T9936] loop2: rw=0, want=78, limit=63
[  340.507898][ T9936] attempt to access beyond end of device
[  340.523971][ T9936] loop2: rw=0, want=78, limit=63
[  340.546431][ T9936] attempt to access beyond end of device
[  340.568644][ T9936] loop2: rw=0, want=78, limit=63
[  340.586062][ T9936] attempt to access beyond end of device
09:22:52 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r4, r3)
r5 = accept4$inet6(r4, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x0, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
fcntl$F_GET_RW_HINT(r9, 0x40b, &(0x7f0000000300))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r12 = dup(0xffffffffffffffff)
write$uinput_user_dev(r12, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001]}, 0x45c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

[  340.617245][ T9936] loop2: rw=0, want=78, limit=63
[  340.635849][ T9936] attempt to access beyond end of device
[  340.653867][ T9936] loop2: rw=0, want=78, limit=63
[  340.669988][ T9936] attempt to access beyond end of device
[  340.687958][ T9936] loop2: rw=0, want=78, limit=63
[  340.705204][ T9936] attempt to access beyond end of device
[  340.722349][ T9936] loop2: rw=0, want=78, limit=63
[  340.745949][ T9936] attempt to access beyond end of device
[  340.764849][ T9936] loop2: rw=0, want=78, limit=63
[  340.776769][ T9936] attempt to access beyond end of device
[  340.792813][ T9936] loop2: rw=0, want=78, limit=63
[  340.805689][ T9936] attempt to access beyond end of device
[  340.827775][ T9936] loop2: rw=0, want=78, limit=63
[  340.840679][ T9936] attempt to access beyond end of device
[  340.871964][ T9936] loop2: rw=0, want=78, limit=63
[  340.891839][ T9936] attempt to access beyond end of device
[  340.915489][ T9936] loop2: rw=0, want=78, limit=63
[  340.935097][ T9936] attempt to access beyond end of device
[  340.989795][ T9936] loop2: rw=0, want=78, limit=63
[  341.013410][ T9936] attempt to access beyond end of device
[  341.042597][ T9936] loop2: rw=0, want=78, limit=63
[  341.083234][ T9936] attempt to access beyond end of device
[  341.096861][   T27] kauditd_printk_skb: 23 callbacks suppressed
[  341.096880][   T27] audit: type=1800 audit(1582276973.194:113): pid=9948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16748 res=0
[  341.111031][ T9936] loop2: rw=0, want=78, limit=63
[  341.134040][ T9936] attempt to access beyond end of device
[  341.140195][ T9936] loop2: rw=0, want=78, limit=63
[  341.145300][ T9936] attempt to access beyond end of device
[  341.153942][ T9936] loop2: rw=0, want=78, limit=63
[  341.159269][ T9936] attempt to access beyond end of device
[  341.165005][ T9936] loop2: rw=0, want=78, limit=63
[  341.194192][   T27] audit: type=1804 audit(1582276973.264:114): pid=9948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir805191169/syzkaller.uGShOs/67/file0" dev="sda1" ino=16748 res=1
09:22:53 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r6, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:53 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

[  341.693903][   T27] audit: type=1804 audit(1582276973.794:115): pid=9979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/71/file0/bus" dev="loop2" ino=35 res=1
[  341.764229][ T9979] attempt to access beyond end of device
[  341.775612][   T27] audit: type=1804 audit(1582276973.824:116): pid=9979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/71/file0/bus" dev="loop2" ino=35 res=1
09:22:53 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)
dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:53 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

[  341.820676][ T9979] loop2: rw=2049, want=78, limit=63
[  341.824838][   T27] audit: type=1804 audit(1582276973.824:117): pid=9979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/71/file0/bus" dev="loop2" ino=35 res=1
[  341.926892][ T9977] attempt to access beyond end of device
[  341.937811][ T9977] loop2: rw=0, want=78, limit=63
[  341.964105][ T9977] attempt to access beyond end of device
09:22:54 executing program 3:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

[  342.002516][ T9977] loop2: rw=0, want=78, limit=63
[  342.022567][ T9977] attempt to access beyond end of device
[  342.045981][ T9977] loop2: rw=0, want=78, limit=63
[  342.056882][ T9977] attempt to access beyond end of device
[  342.102266][ T9977] loop2: rw=0, want=78, limit=63
[  342.115872][ T9977] attempt to access beyond end of device
[  342.128340][ T9977] loop2: rw=0, want=78, limit=63
[  342.140199][ T9977] attempt to access beyond end of device
[  342.149143][ T9977] loop2: rw=0, want=78, limit=63
[  342.161473][ T9977] attempt to access beyond end of device
[  342.191507][ T9977] loop2: rw=0, want=78, limit=63
[  342.207771][ T9977] buffer_io_error: 61 callbacks suppressed
[  342.207784][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.228984][ T9977] attempt to access beyond end of device
[  342.239227][ T9977] loop2: rw=0, want=78, limit=63
[  342.252436][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.270495][ T9977] attempt to access beyond end of device
[  342.283959][ T9977] loop2: rw=0, want=78, limit=63
[  342.296746][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
09:22:54 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  342.316936][ T9977] attempt to access beyond end of device
[  342.338871][ T9977] loop2: rw=0, want=78, limit=63
[  342.352782][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.372195][ T9977] attempt to access beyond end of device
[  342.385808][ T9977] loop2: rw=0, want=78, limit=63
[  342.396434][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.418341][ T9977] attempt to access beyond end of device
[  342.433791][ T9977] loop2: rw=0, want=78, limit=63
[  342.449856][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.482058][ T9977] attempt to access beyond end of device
[  342.500036][ T9977] loop2: rw=0, want=78, limit=63
[  342.517669][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.532037][   T27] audit: type=1800 audit(1582276974.634:118): pid=9985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16749 res=0
[  342.575804][ T9977] attempt to access beyond end of device
[  342.600328][ T9977] loop2: rw=0, want=78, limit=63
[  342.620708][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.629081][   T27] audit: type=1804 audit(1582276974.694:119): pid=9985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir865095362/syzkaller.81kqZv/75/file0" dev="sda1" ino=16749 res=1
[  342.687676][ T9977] attempt to access beyond end of device
[  342.721648][ T9977] loop2: rw=0, want=78, limit=63
[  342.747408][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
[  342.797795][ T9977] attempt to access beyond end of device
[  342.817678][ T9977] loop2: rw=0, want=78, limit=63
[  342.830131][ T9977] Buffer I/O error on dev loop2, logical block 77, async page read
09:22:55 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)
dup(0xffffffffffffffff)

[  342.847079][ T9977] attempt to access beyond end of device
[  342.862275][ T9977] loop2: rw=0, want=78, limit=63
[  342.873143][ T9977] attempt to access beyond end of device
[  342.939954][ T9977] loop2: rw=0, want=78, limit=63
[  342.976156][ T9977] attempt to access beyond end of device
[  342.997818][ T9977] loop2: rw=0, want=78, limit=63
[  343.000518][   T27] audit: type=1800 audit(1582276975.104:120): pid=9994 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16762 res=0
[  343.002868][ T9977] attempt to access beyond end of device
[  343.067780][ T9977] loop2: rw=0, want=78, limit=63
[  343.067809][   T27] audit: type=1804 audit(1582276975.134:121): pid=10012 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir805191169/syzkaller.uGShOs/68/file0" dev="sda1" ino=16762 res=1
09:22:55 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

09:22:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:55 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, 0x0)

09:22:55 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  343.492380][   T27] audit: type=1804 audit(1582276975.594:122): pid=10025 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/72/file0/bus" dev="loop2" ino=36 res=1
[  343.552105][T10025] attempt to access beyond end of device
[  343.602444][T10025] loop2: rw=2049, want=78, limit=63
09:22:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:55 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28837e4a8100000000000001e500f35910074a00c6a80dfe80000006000000000000ff6bcad0964e69f9efa5c7cea88b044343f72ad8a58202df01f7b06e09b7d94c0d0a432f7c6f0a65519254231b5ed89132d54196c71f42879e22fa900af7ccb8249fdc7859226d9f81d6d209538f3afac20dd72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00365f0c891685447ace66617811fd000000eae0247d92dfde8b84309c4d17990f1738824e531710bf192f71356384353b0da6bb67c20340d76e98d336d8f16552b2846f124e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de3311ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21aa8b2896e0fb278349cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf89d3b9c2ecc33af01cc2f5f0b090880fb9f28459615fe061acf6231701844566b4558b3fd00ad6d6935d92f386121e7612fdcdb178179e0678f4639404249c0eac91e32f021c15279c119aacc6824bf6c1ccd928db57ac79184e84e2457520585ccb7025cdb035652b5e760a56534a61b3f7a80eed55047dc0b50225fb3878e5e58b363dfd42c1d31aeea8e4a16ab4f735c06d3e9e9540a58490bb373389c77b04c08554d7267cbdb2ad91af4bb5c4c2ebe696cc8fa4b03770bcb44deaf6a9db15c290e09f5015528415730edcd0e018d6558a1b1c9a579aa2129d5bab45f127c3947926ff07628c1c7d45aa350c37a0c67c0fcba07816421488d178599ba32641e90000"], 0x1)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r4, r3)
r5 = accept4$inet6(r4, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r6 = getpid()
sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x0, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
fcntl$F_GET_RW_HINT(r9, 0x40b, &(0x7f0000000300))
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r12 = dup(0xffffffffffffffff)
write$uinput_user_dev(r12, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001]}, 0x45c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

09:22:56 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0)

09:22:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:56 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  344.502273][T10065] attempt to access beyond end of device
[  344.522921][T10065] loop2: rw=2049, want=78, limit=63
09:22:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:56 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]})
sched_setattr(0x0, 0x0, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pause()

09:22:56 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)

09:22:57 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

09:22:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:57 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))

09:22:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:57 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x1000400, 0x0, 0x7c02, 0x220, 0x0, 0x220, 0x330, 0x330, 0x330, 0x330, 0x330, 0x3, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'ip6gretap0\x00', 'vxcan1\x00'}, 0x0, 0x1f0, 0x220, 0x0, {}, [@common=@unspec=@conntrack1={{0xb8, 'conntrack\x00'}, {{@ipv4=@multicast1, [], @ipv4=@broadcast, [], @ipv4=@broadcast, [], @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, @common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback, @ipv4={[], [], @local}}}]}, @common=@inet=@SET2={0x30, 'SET\x00'}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460)

09:22:57 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2f)

09:22:58 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:58 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")
syz_open_dev$tty1(0xc, 0x4, 0x1)

[  346.284293][   T27] kauditd_printk_skb: 14 callbacks suppressed
[  346.284313][   T27] audit: type=1804 audit(1582276978.384:137): pid=10137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/78/file0/bus" dev="loop2" ino=41 res=1
[  346.374718][   T27] audit: type=1804 audit(1582276978.454:138): pid=10143 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/78/file0/bus" dev="loop2" ino=41 res=1
09:22:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:58 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)
socket(0x10, 0x2, 0x0)

09:22:58 executing program 0:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet6(0xa, 0x802, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write(r0, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(r0, r1, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000140))
socket$inet6(0xa, 0x0, 0x0)

09:22:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:22:59 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:22:59 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000140))

09:22:59 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")
syz_open_dev$tty1(0xc, 0x4, 0x1)

[  347.273274][   T27] audit: type=1800 audit(1582276979.374:139): pid=10171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16546 res=0
09:22:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  347.384020][   T27] audit: type=1804 audit(1582276979.414:140): pid=10171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir865095362/syzkaller.81kqZv/78/file0" dev="sda1" ino=16546 res=1
09:22:59 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)

09:22:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r3, r2, 0x0)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  347.948531][   T27] audit: type=1804 audit(1582276980.054:141): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/82/file0/bus" dev="loop2" ino=44 res=1
[  347.955431][T10209] attempt to access beyond end of device
[  347.979519][T10209] loop2: rw=2049, want=78, limit=63
[  347.985567][T10209] buffer_io_error: 6 callbacks suppressed
09:23:00 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")
syz_open_dev$tty1(0xc, 0x4, 0x1)

[  347.985585][T10209] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  348.011754][   T27] audit: type=1804 audit(1582276980.054:142): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/82/file0/bus" dev="loop2" ino=44 res=1
09:23:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r3, r2, 0x0)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  348.377347][   T27] audit: type=1804 audit(1582276980.474:143): pid=10229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/83/file0/bus" dev="loop2" ino=45 res=1
09:23:00 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r3, r2, 0x0)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  348.422383][T10229] attempt to access beyond end of device
[  348.440314][T10229] loop2: rw=2049, want=78, limit=63
[  348.445566][T10229] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  348.543900][   T27] audit: type=1804 audit(1582276980.514:144): pid=10229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/83/file0/bus" dev="loop2" ino=45 res=1
09:23:00 executing program 0:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")
syz_open_dev$tty1(0xc, 0x4, 0x1)

09:23:00 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x666c611dbfd5b0, 0x0)

09:23:00 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")
syz_open_dev$tty1(0xc, 0x4, 0x1)

[  348.879684][   T27] audit: type=1804 audit(1582276980.984:145): pid=10238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/84/file0/bus" dev="sda1" ino=16737 res=1
[  348.982877][   T27] audit: type=1804 audit(1582276980.984:146): pid=10238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/84/file0/bus" dev="sda1" ino=16737 res=1
09:23:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r2, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:01 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val={0x0, 0x0, 0x3}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:01 executing program 0:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
getpid()
tkill(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00')
preadv(r0, &(0x7f0000000140)=[{0x0, 0x300}, {&(0x7f0000000380)=""/141, 0x8d}], 0x2, 0x1ff)

09:23:01 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)

09:23:01 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  349.582156][T10270] attempt to access beyond end of device
[  349.597130][T10270] loop2: rw=2049, want=78, limit=63
[  349.625523][T10270] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:23:01 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071")
r1 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev}, 0x1c)
sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000000), 0x4)

09:23:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r2, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:02 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:02 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071")
r1 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev}, 0x1c)
sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000000), 0x4)

09:23:02 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val={0x0, 0x0, 0x3}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:02 executing program 0:
r0 = mq_open(&(0x7f0000000100)='-$\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x14000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
socket$alg(0x26, 0x5, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
r1 = getpid()
tkill(r1, 0x9)
r2 = epoll_create(0x1)
writev(r0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000080)="ae53a94518baa449cbe37c87761f7157f7b05bedea4c59829841d390b5cfe5b3a5d032f9a1900eca4613008d0c74849e2f4eea198f721f72b9533b2fa2ac4302afe3f1829767b2219d4d6c", 0x4b}], 0x2)
fcntl$setstatus(r2, 0x4, 0x42400)
semctl$GETALL(0x0, 0x0, 0xd, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000bc0)=ANY=[], 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x0])
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40080, 0x0, 0x0)

[  350.154345][T10297] attempt to access beyond end of device
[  350.208153][T10297] loop2: rw=2049, want=78, limit=63
[  350.214258][T10297] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:23:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r2, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:02 executing program 1:
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:02 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  350.707260][T10323] attempt to access beyond end of device
[  350.740075][T10323] loop2: rw=2049, want=78, limit=63
09:23:02 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")

[  350.775184][T10323] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:23:03 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x12000)

09:23:03 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})

09:23:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:03 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:03 executing program 3:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000180)=ANY=[@ANYBLOB="6c0200810000738bfe880000000000000000000000000101"], 0x18)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
r2 = dup2(r0, r1)
write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0xd10a)
clone(0x20000000, &(0x7f00000000c0)="9ca409f3b86f5305fffd4a9858e508e02706132c299aba427d45da83a762f9ebdc3a417ee1fa5ba6ac1e42de9a6b4326bd7ba7f8118791cfc1193f54c75cc9ca057d2d91c14d3e0e2cb74b1392a6542aa8d8b05fecbe1760bd6fe524a461fa76ec266e6a67355107eb836c6e5b1fdab9d2c48ce37c9d5c2c09665cf78d", &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000200)="b99f1f0f0be82738ded5cabfe4645aa2b9bd21d3a43c5cf3f1944f418df83f058acc275744ab50e2323ae58ee7bb8e61077c18312c91fea2db6ed23ed4410ce0ba81689a")

[  351.334057][   T27] kauditd_printk_skb: 6 callbacks suppressed
[  351.334093][   T27] audit: type=1804 audit(1582276983.434:153): pid=10350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/88/file0/bus" dev="loop2" ino=49 res=1
[  351.463314][   T27] audit: type=1804 audit(1582276983.504:154): pid=10350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/88/file0/bus" dev="loop2" ino=49 res=1
09:23:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:03 executing program 1:
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  351.718696][   T27] audit: type=1804 audit(1582276983.824:155): pid=10369 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/89/file0/bus" dev="loop2" ino=50 res=1
[  351.752506][T10369] attempt to access beyond end of device
[  351.760784][T10369] loop2: rw=2049, want=78, limit=63
09:23:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  351.766106][T10369] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  351.775045][   T27] audit: type=1804 audit(1582276983.854:156): pid=10369 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/89/file0/bus" dev="loop2" ino=50 res=1
09:23:03 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:03 executing program 3:
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='ext4\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x5, &(0x7f0000002340)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5e43296477c2079f73", 0x3a, 0x3fc}, {&(0x7f00000001c0)="7649fa8b60ea69449c40e6f532f2f76a940ce1e4a2cd7ae487e9b9fdaf858ff42499b1836e3ae7e885504ea2ec15b80119cc33d400d6f17b67a3aaa6255e57acc687bd9518ec5e83737238232e7f8c417aa344a31b0190f96371a18d80b0bf368906a96fa98fc3340c61906fc9e8525f", 0x70, 0x9}, {&(0x7f00000023c0)="89d561bb8f17e3f2c5648dd597325fde737ecbea54e58a5cbe537e549dfe84747122c23d94a135c7d0a61fd4e070a726459f3fe3ba9a08f7e003287b2a914092c36aaed881c9103f8a257186bf9956572d14833f3d125b8d3eab7957218733f76cb351130c4bb2b114e0106b435107f632d7d1cce15aa81828e7e5874b5d4522dabae1962c0f0b3504e4d5fe485294836cfebd3b6b6823b1452ee97b9c0cb7a00ea3111376328408b07854b45b2ca40fe168a2979a45434a9d943f2c6cd48d0aceb2dad8930afeacf968f315c93f33d67448d244408ca789a8bc6e68210049cea6c3c33570262cc6d89efe7155e4632f3998bf3ec4cc5beba4a8b2b805d397601838340df9fc5630b26a3762fadbc0efe8e1b7acb62d698f0b6366e081eeec02b550cdc09760dd058c47c60607c13d51d5e50f8299324c453809e93472d6810838d52b0e460ebd52f5767714fefb0479e970a370f4ceb4f04d05927530ec13c1cde5ce75dc36f4613bcd5733955f27985ed862e03012155b318f9f64da904528ffabb80b2344a64c30dd5579e005474ae4d57ac71dd72d6ab1c0bbcee20ce73334a1ba09d9d858ec26c7dba71de3721d2cb1ccd3a7df48a99242769f8fe115be1d4b7a360ee33fceaa88fd84c9adba833cc0aa456da0ebe24ec6e2d89db2f93186f9d8c669da3e2af7e3a357ed724eebbbbb7cc44f3d5900c6af9079d8f98f0a5497f06b044c89f0039006352b770cbb8e98c575889d40f94cb4fb31c66b7d4d6f99a0ee35bdd6d9389a269bece37e5ccc9ea22d43ed855affb2fee762a49415fbc19df76de9fef0ab5c30235b799084d6ac677abbc279e896fd553f693ca88e4e4b2b3287d8c07954dada29a890ca864099cf235a6793b2b4ba22f53119d399bb2116f78166d9e60250647fd481b68bc73e8f73a52b3c874f58587f0a20970ab492aefb902e16b89022477a6839641448b8e1f81b35669797a01efc2f51daded17dc5d81f59905d8aa2aebaf097d84796ee185c90b7fc68b6900f49e20ecf953d1e56d65478d5efc624c52b2a3135652f4334432f8c8c8359e15e4064a4125d8fcdcef2f7d44509791b64eba57d097173f62f8ab04796268443bd720ab981da6e6970587f8649396140c9c471f941f19641dee17add467f95a702489c35b124208fd4125370b35ef9fd2453ccc6d3cdaebaff62c4c8d5a3985e1436f6f2d9a8bd0aba617611f32c53ce60501a292b916f06f7e25ff167cbddbbba5c18949280d60d596684386d1ff97bc129b66f6ba87ecaa3af29ceab12f0eb85d655568aef60f24dd682637d31fdc76d577b0f99817b5703a3c9441f63bd239878677bfa31f9172ebe2e0f96a265efd4b45c57ea39b6335ef6eb35b4c2ed2907884b36bfd7f34efa3ba137032d460c09f04e2a58b46bb8e574ae81e387b082f2a83712656a07ea4c0e1c8878b24b34897c24d6c23e0f5ca075d1407dd74cf0baf4cdbb3c26bcee2d3d6df01641af82c88620c53cbe9b18aedef86a699700441967776a2ac7eb6e0847bbb8073e6239ffefbaeb216de09c542450ac717a0e8977fc4d5cd128659e2503ae4db9d8349f9440ad03ae6841827f42feb60b3fe04eff26bb97779b2a10f42d9f36caa0650457a73f96f15f1f793a9d5309926cd2f76324ce4b84666a1cc2119928be576e210ee04fe6db619bc86c0898fc4c142f5306d693239de8cca78a8a7b8abe733e984c410832023acbc83a8925c2c24b5d87e406ce30f1a55acc2ae05cc41cb71351a9db0902c1871682c29f66ddbe52859e8b1410e6340d4619b375a2c53a74aaf7fc5be19b27ad23e9e26843832010536a31b9cdfeb493bcd435c0ce629d087afaaaab8ba602d215d54bbdf46a59ccd1becbab95f05a7adcf2ef0356ce5a2fbbc66f4498adcf5a0b20b238d4473c6120c17a6394cc48b13aaf8e4cf896b6ea9572751d7a56cd441e9428d64b45743d1cf1129ef92fdd1dd2b1dbffc947ef6c80aa137020fd890ddd08f16f0ae6b56048684cf4dcf0bb11eef38c8e0d07688c6af64b30eba21932206a7e86d96ecb56b5825705d3298f986b5629e31a8c289fe38fa32100bfb40deec489ea7ce3559b2ff8f465d59bb2d948242fbec192e2bbc61eb19b7539d96f70fe7c53ae07d60ca39828ff3294f1217a63594503e40ebc1af3f60623aa67b06449bd7dbac128f797427064d6dccd20c451a71177da258600271e8d10b7386bc71aca20f583248b318282f5e14b7ef6210f11ecf5f8979fd8dbae1ad5eea4c632c1669e853a560ab2ae6ea756fe17d744582ecec14dfa8795a93d9e39560a570ddb245f8c766e02da4f6742d8b67d8a334cd196c7618623c0e578326336ee79358090d46932dff0b199118bdb4ac5747ce64fac271124179a475706dffe5e9bad4318dc3b7e817615e1f3988cbcca7ed0466e2cd39247fff549c304088291d01beb99279925cc09eee3b65fb8785ade1de3f129204784bb9f87a033fbc7fad15282c183c854ffb4b32a427fe7f99f438c3210167b6c5e452eb27978e50df58de9e66cf2414ff93e0f20ca8a29c1933457eed4390878356790e4837896d81798e9ffdbcdd33925820de42decbe015d9337f2fa27e4123b37dcdb5e8cf7a2d29479e3af78c9b44b1d3e64efbf0009fbeae0e6370863bfae0002af0950437eab3bc027c07151e15d4df1c7620b9dede9c72c429bf3c2297ee8fd85faf3e9da8892607e0ac600202e58e28c900d22beb0cb6b2584e6a2c4629bb621ddaa38aaa5d1952e1e23f4637244d914abebd328af984a3b8f1072f16916e88afe6def5a01e912f91db97248d064f108e7bc34e69f6382f6ea626f89914cb40254d65c428537e60f52fb0fd5a7cc23ec7b7d24b7d8e9c5de11ce8a30e069abff5a2d21002cc0ad0bb8e98547c314c885b84ca175a661e313c9867e6aeeddcdb341ca49ddcf82f8e1d9501c5d14645f8449591449b25fbd19bd9c60b5f5eca1be80a2269771cd92b446a82fbb1fdfd005da9021e8c44cf8d229b25dd8706510346b136967ba5f339d64f1c98cb745427213df2d109f708d6838384b77675d75105473c2d558b1e1f7629177e6b4b06b7f7adc3e67d1a9a2716affbe97c0073490a665fbc684e38dd1c30921f9cf154925c834a95082ea29c3fcdf70eeeb08ee16b3e442de7fbd736f9b1b87e0f4446650cdd6236ce53435e38fe41af86c9149693a4af32360d5e412ca54954e7943e5c68d2f2122b7011d36bc7a0d33ed42147bf25a7b8252852cddbb4c4d0ba6f54b9e97e6eaeb7efc061b378c7ccd47b95d8b8ac1ce3345c14c7c3a63ab4a73ddc08412fa43a3bced65ea0af997a119b3ec00b845200e1a04e27f9c86f0606aa916e43e679cc6dbfd00a2cbc2158e004d91497dc09e1776ae3364c46a0256168086dabf94d5fd9c114e07d66c6afef34729c6ebaab844a9886f68360c7271fa7542a3fc1374206890a3dc1e47a3b31e918bc90c727f11fb4a8d52ea33b409b5fe6b2450a66ff6b064c9c4da26c8cff9d1c453760cb2548b4311ea354ec1ce3cddcf512150d22ca5acff0e635d4506c9f1c96043b6b1acff45b33faa900548514e1dd9775c08a3eecbfa68f96d18f8e93065c370c5dac6f34c303b5ab0dd8078c656bf67c6832b1a9dc1bcee2d3eb6228f804a0c8741ebd590f623d5aad54d3138c14448bea76d97c8b837dfaaec3d9728e0145a6f3dc8daa3fcb8e619cf3f6e3d9f677ddcfcf9f8e0e3f34e27b6d1ca15a870125f67c8868908b88b5009d9a2c8d249951f3544785ac1fdea43d4f133e433c8a50872a47f95f22758f3ca7e6353cc7220fff36ba367a22d0496c2685d9b34c34623aae5eefa45e9854d02c292ee9665592e5b435ef31cb605470b246fc533d737b90e2956e4022eb6a3b380143c44d733a31c51c518ab4a2281c5282cb2ed24c5e4252bdd87a362a0db44fab63470443c811d8256a1b71d3f6828c54f85dfc33e72228d877b9dbe721a67e70d32552df81a165cb01d102d1bcb9ec98967dd0aa4a9a402e88e0d5dd7760e32fa88df4e212ff326200a748508efa341de7ba2fb8f3be107437cda838b74f866807dee6d437b91f4caf8d9b832f34dbd8182b892c2f95f4f7f25be9e3f9b335cc715b43f57fc4be6c58ca54045081e5192ff535c0a64537a06c4d7fc60958d48cef46845c3e8ac2f91e47ffd21ef94e432505384b8410e0e6f85e63eb3f5f72c11737f722ae3e986e3ee9d10ab9bdc020f23371425f745d1f19257e121079e21a4f5a0f36b0db6aa3ba5ebd99a20a2a6c73e023081ebe7c6da3580e15795f2bf9d6e55ea3739058ebb8063c2a9448e628b41fd7db6bb9319cde4f3a151f372ddc4bbaa2f69ae69d3f2503f77e53be960b9d185cb39ab6ea19fc207457bdc9adba659b9ff5a77d549afe79c71bb1d7cd723c4e92204d3dcf26cd34a1e150d38f490fb55195897decfd33de5d4f1a36de196e5405f331d428541fa3434691074c583d8421f59452479ec40e1accc7e5155eb4760c0c798e82076bbb07aea1a56508a53439b1bb2d2eb42befcb6a64dd32470ae08c2b500b186d28e9c6516f02e0321d2b7d060b43a07ee537835656ac6c142b9e392d292ab6f0feca72861b5747ecae26dcd345b3cbd2bb38f4224f5f8d206d8bd46fbdeb135402ecd44cd659e06f994b1233074568a2e7d63857819fd505bd1319c0de21ff389016ae910ab06205122a757ab12fff10ce99af9e95d18e1a2f892e2e977d7c0b7f47ff61b98bbfe9cfea9b86e56fd34b94b0d2ac74104c68d937d7ee480a2b2d1534a3d4cff17320c940825a42255329423f18a863dd3887a6fbe938c7b24654b71fc57ee588b7a14ec133979497af2a251274f0008d9fe2d61e2e7c8fd480c07fa9eb923dab04cdecb9681f0babf092bea41b86a8d5c34cb2c4fd3d6fcba15671d41872b9eb453a15f1c4b3e46f57c7fac47cf5963adb085d9657ac9bf03b92cacf1b8d098c68ed6f6f83a8e1e7871fbb42cec317f06067d1e3e783287d5428203aff0d8b23ec7c66e1e802fa70d431abf2bee336249d1574c1869643e83c61015bb177a6f450ec3db445c7ff66902e126121684ecad16448937cd4ff1e3f18464cabc00877fbdd743ebfeefa0221265a3ce1916be3e833d9f2e2ba4551dd86a3a2d64bfb900a234e37db5b8e90f5e333415f381da62a3740a11bfe1373b231688c5427ef91b9844249f2842f54e17b68ae9e192d8b8444b9ab74de4e8eb19b5a996a32c9ae37f57e6603c5e9e47f7f4a46b59d69fb1d310c7ed9a54ccad2bdd750857c6a282ec302046a76ab5cc8e534df1322b98804a39e2be506980cc3677b3e0b0dfce293188c8f9bebfee39f0fa0d59be3622eeb2d636b6c0d3773eef2cac2e170787cf905ac1b9592b047318007eb9563eabd7af76cf30d381e02ee0d1b72541df62656aa30e1d781d9e46711a884a2181413187c7a76d16ef2b6578ef884f73cbf86a78f9b2566b288cae0fa413a7efb1f95a85959489e7dda1d6624033e79b7fb5c53717eec25e9ffbe04c55cdbfa67ebc0a5c74667f8a98d7dc985f9d1e269e88fab3c51c61bdd1e029480cb181afa096dabd91d706889f19b5060b3681047a4ed75542f45326a4e21da565c3d45ee430607113d46544bd0050184a3ee1b759edd2bd6719ed92bdaaff414fce008f949a2bfd5cefb4d2228f1b17ff4fa5e08bb61295364d1c389ae3736e889f02e0b8b8cc56926bb0c1bc08fb41ea98c67c98e66ecc7d6cb8a77a92806ad96d", 0x1000}, {&(0x7f0000001280)="aa948f56e61adb364206e4f5f2ff790e931b6e1a765dad8c18867fa58d13eb440889e7382158721e0c411bba48d0077ec0e1fc34689c612d1c7581f3d2ffe896372a89f3fece301254047fa1f0c020f3b315b88eebe4f0226b221bfdc8861c842f58279d23c2f06111e53a16c4cacd37b8c3ff8101dabdbf71b3a3134c9e3f3dfce9b1aeb5d2adadd76d82371f53b1007dd5f629c12c1ba9da4f97c3b9d114f4701ff87cc1ba87df92289317e5d39554908a1d2ecc5e844d60326392bc", 0xbd, 0x5}, {&(0x7f0000001340)="f9cd16ca15117e88af326f22fb17f6c871a6d2a2e83138b943fb5e30ee9a012085fd28181f422e7a9c38233df3a70e5f0300efe555f29c1c4aba7f946b070c7428bd5de0e2c42b3b284fedbb0351ff4523746d282875327d753d395ccde384efe6add4606dc9654dcebf9bb33dc649d57111527f78ca783da8faa63e3580b4737357c90d5c337c09c2635aa94f91568d6617cfafccaa432b789f37f024869699bdcbb6a847ad017e6332292ba1a875c5e394dc79ac32667c474c9174a4cfb22ae67ac9460fe57f9b7dc597f19368123d5dc577c154c71f7b91a4e9468a64b397ff246c4e9175cf4d88f1e902b7cfbff45c0e10559f38a64f214147fbd31b23f40a64be216c87d1eb8c6f56632936aaaff341dac84cc4b114636dc4462884b70f7e77b20823edac8690993d5384143fe33d2a62ebec7d265fda0d4bf8a238650fb01c4b2ec70d4b8aee08219881fec4b6736a0c2ce07159c56625abdc70d6748e603b74bdcd0800e9900b748678057d6862553573634e821e1a25520763fe8251d0b3fbeb46f5625fac757812f6dcfb47f3dd313772f5d9dfc55e20043ddfe73ca8414e11b6b1a0362bf2aeca0b93a10df66a58cf2ec7538f914e7631b488e1961e55b3e9bbc7ecae4c4fca5256a0041ac748a7e5bc90d8519b655bcf1c1d5b100c8ed8cbc6d468103cb2979d5c42f39f7cf046d870ac7397d3a575195ade6de2b74d6f213ada4e6a1aef7800bed39c25cfc8242fd50f9a1d89ccad524ddae55f82a1eeb135cefbd068156e421c1fae793c99218d58bbb16558a48eae737c90019ec509f51380950b337061dc83bf66316d346aab612a9f071a35cf9a7050c8bd838a34223d5efa09f8d647a7f3669ee63532dd5def05c244e4ef3b6321792603658a6e55b592c81e573e6245af725e8651c09951dde211ac192b09e4190351230450bd13fc9d30012eb31924563c250bb1156a7687e82e1573644e7bae8f8287bbcacbc5989415214e2d02b3f8fd5e53a870d52bb3340494a9f38d00d20b1378729156031938999bb5f50fab6072aac228db3da47609ffe1af74a2bb24f3dcb16a32988e86722bd7cafdd017c1d0a4507793c61b53a15796b7ac641dcf71fe839f990f331455ab18e221bd41ba5f184225f9634378554a8c75525cf8a6d0b6ad9da8e8b2032708395641a7467e3371ed0fae1ba92ebacfb64c7a6b35f8a6b471962c56d63332152c777098f9d11a00bcff5d5280e6ef735e77bc1d702caa761d5de83b014a9b8b52dd2242c077605d642dc8765bd2dcf2a32ca336047e14810fa29def605f286d00b53bc38ae2deb9c58d117c9e8556639726da8f89facbcb854625d3377f87d1bf21e8eac6802cf8e4ddf13e2f131bb32f47a03465b27a4f2f06a35b1b201693b009220584dccd520755a3c8c9f8f2185ff9d5f94c8b48ae520476edf356163f2ad35d3fad4ec500d21cc302c755d901bc25412f85a0a367c3a62a7c81e33f50a3e581febabdd38cc5cc477fcbc4eda7467e3ef1d95e167024d0fdc42917e166873f0cefb83b9a6f339ee381595f76bedcdfcb5b0224eb16283a7ecf55837d25e9a6c57b2a0995cc8439ba5b2ce5cd509ff824c3e5d4b67a825dee0f884fe1c0dc74e5fe398fda23b2b67f7693bcfb01e4f76bd1b63c0861fc2937be8adb67e826138e80b9c4e545ef440c49508bff30873585d634daab9c3d4fc134bafc805f5b6e6e8183f099b101b82382c23c41ccb5ae5d4b0c40a72f5e6e4b46f3c2dc390b6da9e6e3d81101a1ef9ff538fe32c3addc13061e872ef0575813b6c46729f4471312f95089b0535f686eec74dc852cb38e22d9ed3dd14cbc9de8889a5c6afa50e927f52883fef60f337c5630b6e7d4fa977381d0c6d14bfe56224a98045e885c3c8de9514b08d998000ea23b3216c315fbe1c813ac174cd966377207cb8a4d89daafe31dd3c93c8ebc009a22f7da13dc950ae24a9c07186b1d49ee708290e532c1b5657e45edf99f7bc13188de996e352ed1dea50a4687c15b9f3279bac53557269fb14feaaef570aa44e0ec44aa1e35a07fc478607956db1b9be27c82a12ba7f8ce7ea74fdb679b9ba1421aaa70dfd7188bdeae2d66b60feaf325cc5ec894a9d8f11dc36c9e0b5c26e5a618d0b58066aea4ae64f75920a33edf0054616b3278e9a09de9fd41f37e69d5b23b1acac11a21a29cf41b553699853ba66cfcad444e9b79e95a1935b52aaddb189cb5109a42f01e8da7a2d22efcb38f9776464998de1c9cf75e9e19d9a1a11fec438b1cbe813236d9759afa5bdd0eed02f852724197733a8f17d8adea689c68ffc7e0cd4773ca093583c03a8de3b939827e62477ef85e94c5a01e28cde5b29c14b25e29d76371b28fc394b511ca9d40ea496a4420ad411d8a1a40797926a4dcf891f079a2142381a1d63b00d630ef7a9a63696994c4fa1caacd0d2cfd909677c8c74ad24124ccbbb3535eca5dc58aab2a91fc6a4c53bd17c56e8851196d8e6087e2c85fad8b15a9a75accce9a3593e46f817fb8db94f42e5e734a3d4865b0872f8b5391f367fdbfd57894997e42409d90aebc7a262f89a3258c8dcc56eebd07fee3adc863f2abe786290148942475f3cfda78ef1b08ebd70165b9a4741d9ca8c896a809f774f123bb7f8c8f7131b558e3536d7f63d1942c866325ee5ac34cfb62de7d7f25d0b94c27cde82569875025035b32da1d309abf31b882b64ac05f0f6938653741156be0648c726a272407fd351911e68613f15b04dbcc6e4d11d83f7c1d602d591c8f0a3136328c53df5d16e3c31c3e027cc4069e75a0778f92318a9c923e7c452acfdd6746d526981ad984e84a582f0502da3139f840586ad886bb34082b6aa07a259bbdcfb41012740cc0d942a7feb6d32ac7f89108c23e447a74d1b32c9dee7c13b9a7bfeca01864009203b22d7f39eb357b672453fc341ae482b83a1e9b513fba675153f344db41e2e2d45cab41723be3c8abf3c80ca5ba091b0b9f90f856caac9a3bf9bfda47b2fd9cfd2901db81e0158f0db8c17f0ddb076794fe1d2e9a85733020a1b85b87dffff2675f8cc2cdc14aa2a641029d4f166268c1b96ccc1c0d4e2867d48ab0b3fd50f785af82fe165eb2633e03a54b0cc943f441c035cf68b849cad09ed5284b5cffdb38ce90a1c5cd561e2109e31cf4f0485cdec39064b1cc86f9895eaf2d5a48cbb308ffd9bc75a3be957d856fa20b4bb7ee3746742f9377b569f5ceae5122071971049e4c4c18e298afb6fe482e36b7500452c9bb4a12da54cc9d3392def22ebe15d73a1cc062e998be87b4ebea31aedbc85a4d856ea305a7e9cfc5efb0c1bec50e14b4a56bef0e567fd6d9a40cb16aa16ac59cbb59cd87e58b2377c16242399f799d8b586b8d4bf80a0d8636073ff7392c2851bbf4427ea0ea07a15140c24d7997165078445d232899bdae6d0e4a45e6fdd51527efb578a8d0cca78a96c1c50931433aa987d408e4508d2078fecd4fa6188d2eb97a7308826de2cb92177dc2212647ae3f99a0fce4cf2ef58d2fec975862b9b64db5727e1a7eec092f4ca345154bb8109ead944c8cb7b10b15faeeba5735ec6e371bd2e0832321f0f096c61349ec07482cfa4285d2b944c23cfc63fb47958f65cca668a7ecc9e6e88b9b0e93ce33c86f07bec6d7e0f3413eab217123b95ba716b762ea32c6ff045cdb84050a33c312b37d8b707d37e0e20f1d5989487af9163f1e45e514aa144f8aeab781bd2b7bac6d9a712cf84edd1d2b3900a7bcad712cc92946e8a0049fc9fa274f6c408a3ddf55d1f4e078fa070f5b9e865aa6d031d135ecca83188b7aecb1f2494f2d28bb5981569a2b984153c394b42f51cbe015d1d333ff5181a320494cfbc0b1caeca4428f093b5b88978f26a44b9ff28429b62565ddda1e142d0570e651150feb8abfc145781a77bc21c0c0eea67f6306add70424ddbbbbe374f38c3cbbc9f73eb1dde56f6c4e7a8443c226c73cfc6009078aac3c1794b38b50a2581aea885863d680641f069173bfc60dd3c905808b56f0acf759d3b98a4cd06a52f16c066a3dd7c15b80d32c05a9c7448574ffe6cfbcf96a0a87e2110225e72daf90614060a3b97f98628b37287ec4611297b9206ed1c27d4467b7ad4b81c4ec11b00a2c2e66d185ab49898b30805f8c54b5e458fd4708e58b64c374f98762c9ccfe0c5f451fb5e4e577a0dbd9da98615491bda3b4f197ed5815da2421102464cb84f7f768f1447ea0293fc04a4a8bb0a680543ab8ebf714f5fd844cb9fb729f3078e40eed6b1c40079ea93bfe47adebb3def59c5af5e95fd4e9352d931f8ced684a8568446c38f011adacb1c3a0340214053b89189e573f0c9ee9df56fcf2268eb9deb9be82304e39ecd6b891975b7e98e54ad720b1c58f36b1d478108d3eb2170216a9c5a1a2a8bd950668051704827668eb5ac0c172c42f939ca50c89cce935750ac5fa18a900b237812496d4df2cefec8dc43ba83848e46408f4df1447aa4a9d33c8b43c058aec4c257d842c74062abcd27c50e7c2789b62ab74bef68063e82f3ae963310b1b9809ef34f2306844d8ea5796a8c019cb2404bc85f084eee7ec3e483e61df6c435af286061c70ee419004849eb316637147c97027614fea55abcdcfc07a4329d669c7f164c4b40281fbcefe3eb5bd9ced75f3682c5389c29a9ca52845c983b143e12b8360c6d47350811d7ad734258209c444adfe3266c07e4e0fc5ec54044299cf15d94568ee8b18cbda59d13ee83855b416c6f4ccbf9ccc64e9fa59c2aa7086d5afcc4c35314efea1bd827aaf7278a6cd9a50c24c790a91bf3231e399729e57349ce1172a504cf3b171726acf01a3553dcacc34b0e6763746da75e62811289c67ebf67cb3a5221a744f1dbe1ea5e9fce3c005b0ca5596c6f897c23cb927a91ef96e8fb11e853b05d7e71509a65c9b16a27b1bf15ada5e18d53a2ab739613fb12eb03be503b4e5017fa65fb710235db1ab11a0d288e15d00f29b31b305859b0ebad155a0a8c0db3e0b8f26cd088329b43b2d3cebec267ecf80072e445e6aa2826515ce4207ebeb162c5a48dc3661700958bb4fa571eb393ed57814e3c978a322320304f748be1767fea3497ed84c19379753629340db8ebc90afe8463c5a283ff35d51c43c7aaa4faa5985554fac0945700add606bc11eb7492726c6e6e7638a54794b1462807b1e96fabb4981f1b1aaf51e7c38131c77dbac8f2b30ed0050dc4213825dcc0c650e1d90b19597eda15e4e3c640609f258391d8bf8e360c04da691ea280ac7ced80d2ee4f183fd2becd9b196149b3beb6f707be2ad0f224f5c4e4d249fb1c539064d0462ff656072aa241536a41af94b5f309fb26e14f316ae49fed18f25fefce788bcc417819bc7fe3671664513972823c46d457989fe149ec1be2a622e1c546b57b9d79ed6047735c687229bbfc6f6d3d7557499aabba3a4cbfbdfc26b165f2dca435a17c8f92ceaeaeca32a66473314c335ce64c4c1012282ff89b82747425d898b8fed9e04d9489d335c8aa44efe1546f5d39f4fd800efea71f46ba434df12a0d5c4ff5aec69f028ce01777e7b23ffca2d5ce7104ec38b80c0cf63e5279f3542b505616919255604f209074f1c68d8c9f818ea743f0874770e1b88993758f1faf79f05a856d9671b40e2ad7584d25f973f5fc88bf59c83207593ad3eec88de20e1ed4d7d11c5a49918195850983c714c2879482777880e12100cb258c01b66d47fbd718db9dc12920a0382597b95c3e01f7f00d1a844", 0x1000, 0x2}], 0x4801, 0x0)

[  352.105039][ T2520] blk_update_request: I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.116158][T10382] EXT4-fs (loop6): unable to read superblock
09:23:04 executing program 3:
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)}, 0x20)
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x9c)
write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0'], 0xa)
prctl$PR_SET_PTRACER(0x59616d61, r0)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)

[  352.154257][T10385] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[  352.164823][   T27] audit: type=1804 audit(1582276984.264:157): pid=10383 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/90/file0/bus" dev="loop2" ino=51 res=1
[  352.202593][T10383] attempt to access beyond end of device
09:23:04 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})

[  352.298070][T10383] loop2: rw=2049, want=78, limit=63
[  352.306244][T10383] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  352.318409][   T27] audit: type=1804 audit(1582276984.294:158): pid=10383 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/90/file0/bus" dev="loop2" ino=51 res=1
09:23:04 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)
write(0xffffffffffffffff, &(0x7f0000000600)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e9e688d35a978813c38add66548d7575727ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f", 0xe00)

09:23:04 executing program 1:
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:04 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  352.874555][   T27] audit: type=1804 audit(1582276984.974:159): pid=10417 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/91/file0/bus" dev="loop2" ino=52 res=1
[  352.925705][T10417] attempt to access beyond end of device
[  352.945330][T10417] loop2: rw=2049, want=78, limit=63
[  352.965085][T10417] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  352.982060][   T27] audit: type=1804 audit(1582276985.014:160): pid=10417 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/91/file0/bus" dev="loop2" ino=52 res=1
09:23:05 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:05 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})

09:23:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:05 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  353.428057][   T27] audit: type=1804 audit(1582276985.534:161): pid=10437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/92/file0/bus" dev="loop2" ino=53 res=1
[  353.470980][T10437] attempt to access beyond end of device
[  353.512378][T10437] loop2: rw=2049, want=78, limit=63
[  353.526413][   T27] audit: type=1804 audit(1582276985.564:162): pid=10437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/92/file0/bus" dev="loop2" ino=53 res=1
[  353.550794][T10437] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:23:05 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:05 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:07 executing program 3:
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)}, 0x20)
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x9c)
write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0'], 0xa)
prctl$PR_SET_PTRACER(0x59616d61, r0)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)

09:23:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:07 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:07 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:07 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:07 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  355.615848][T10465] attempt to access beyond end of device
[  355.622027][T10465] loop2: rw=2049, want=78, limit=63
[  355.634619][T10465] Buffer I/O error on dev loop2, logical block 77, lost async page write
09:23:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:08 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:08 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:08 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  356.356651][   T27] kauditd_printk_skb: 5 callbacks suppressed
[  356.356677][   T27] audit: type=1804 audit(1582276988.454:168): pid=10494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/95/file0/bus" dev="loop2" ino=56 res=1
09:23:08 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x2)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r10 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r11 = dup(0xffffffffffffffff)
write$cgroup_int(r11, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r11, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:10 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
getpid()
connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00')
sendfile(r0, r1, 0x0, 0xedc0)
tkill(0x0, 0x0)

09:23:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:10 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:10 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:10 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)

09:23:10 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
r9 = socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r10 = dup(0xffffffffffffffff)
write$cgroup_int(r10, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r10, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000})
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  358.705080][T10534] syz-executor.3 (10534) used greatest stack depth: 9880 bytes left
[  358.713415][   T27] audit: type=1804 audit(1582276990.804:169): pid=10525 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/96/file0/bus" dev="loop2" ino=57 res=1
09:23:10 executing program 3:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f00000006c0)=0x2000000000000001, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f0000000200)=0x7fff, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0xf087}, 0x14)
splice(r0, 0x0, r2, 0x0, 0x4ffe1, 0x0)

[  358.754869][   T27] audit: type=1804 audit(1582276990.844:170): pid=10525 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/96/file0/bus" dev="loop2" ino=57 res=1
09:23:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:11 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:11 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(0x0, 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  359.261407][   T27] audit: type=1804 audit(1582276991.364:171): pid=10556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/97/file0/bus" dev="loop2" ino=58 res=1
[  359.329255][   T27] audit: type=1804 audit(1582276991.364:172): pid=10556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/97/file0/bus" dev="loop2" ino=58 res=1
09:23:11 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:11 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r9 = dup(0xffffffffffffffff)
write$cgroup_int(r9, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r9, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:11 executing program 3:
socket$inet6(0xa, 0x0, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpid()
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

09:23:11 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(0x0, 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

[  359.836168][   T27] audit: type=1804 audit(1582276991.934:173): pid=10578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/98/file0/bus" dev="loop2" ino=59 res=1
09:23:12 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)

[  359.910859][   T27] audit: type=1804 audit(1582276991.964:174): pid=10578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/98/file0/bus" dev="loop2" ino=59 res=1
09:23:12 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(0x0, 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:12 executing program 3:
unshare(0x8000400)
wait4(0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x0)
pipe2$9p(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00')
fchdir(r0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x568)
fchown(0xffffffffffffffff, 0x0, 0x0)

09:23:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:12 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:12 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:12 executing program 3:
unshare(0x8000400)
wait4(0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x0)
pipe2$9p(0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00')
fchdir(r0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x568)
fchown(0xffffffffffffffff, 0x0, 0x0)

09:23:12 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r9 = dup(0xffffffffffffffff)
write$cgroup_int(r9, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r9, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000004c0)=0xdc)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  360.434959][   T27] audit: type=1804 audit(1582276992.534:175): pid=10621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/99/file0/bus" dev="loop2" ino=60 res=1
[  360.532899][   T27] audit: type=1804 audit(1582276992.534:176): pid=10621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/99/file0/bus" dev="loop2" ino=60 res=1
09:23:12 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:12 executing program 3:
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='ext4\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', 0x0, 0x0, 0x4, &(0x7f0000002340)=[{&(0x7f00000000c0)}, {&(0x7f00000001c0), 0x0, 0x9}, {&(0x7f00000023c0)="89d561bb8f17e3f2c5648dd597325fde737ecbea54e58a5cbe537e549dfe84747122c23d94a135c7d0a61fd4e070a726459f3fe3ba9a08f7e003287b2a914092c36aaed881c9103f8a257186bf9956572d14833f3d125b8d3eab7957218733f76cb351130c4bb2b114e0106b435107f632d7d1cce15aa81828e7e5874b5d4522dabae1962c0f0b3504e4d5fe485294836cfebd3b6b6823b1452ee97b9c0cb7a00ea3111376328408b07854b45b2ca40fe168a2979a45434a9d943f2c6cd48d0aceb2dad8930afeacf968f315c93f33d67448d244408ca789a8bc6e68210049cea6c3c33570262cc6d89efe7155e4632f3998bf3ec4cc5beba4a8b2b805d397601838340df9fc5630b26a3762fadbc0efe8e1b7acb62d698f0b6366e081eeec02b550cdc09760dd058c47c60607c13d51d5e50f8299324c453809e93472d6810838d52b0e460ebd52f5767714fefb0479e970a370f4ceb4f04d05927530ec13c1cde5ce75dc36f4613bcd5733955f27985ed862e03012155b318f9f64da904528ffabb80b2344a64c30dd5579e005474ae4d57ac71dd72d6ab1c0bbcee20ce73334a1ba09d9d858ec26c7dba71de3721d2cb1ccd3a7df48a99242769f8fe115be1d4b7a360ee33fceaa88fd84c9adba833cc0aa456da0ebe24ec6e2d89db2f93186f9d8c669da3e2af7e3a357ed724eebbbbb7cc44f3d5900c6af9079d8f98f0a5497f06b044c89f0039006352b770cbb8e98c575889d40f94cb4fb31c66b7d4d6f99a0ee35bdd6d9389a269bece37e5ccc9ea22d43ed855affb2fee762a49415fbc19df76de9fef0ab5c30235b799084d6ac677abbc279e896fd553f693ca88e4e4b2b3287d8c07954dada29a890ca864099cf235a6793b2b4ba22f53119d399bb2116f78166d9e60250647fd481b68bc73e8f73a52b3c874f58587f0a20970ab492aefb902e16b89022477a6839641448b8e1f81b35669797a01efc2f51daded17dc5d81f59905d8aa2aebaf097d84796ee185c90b7fc68b6900f49e20ecf953d1e56d65478d5efc624c52b2a3135652f4334432f8c8c8359e15e4064a4125d8fcdcef2f7d44509791b64eba57d097173f62f8ab04796268443bd720ab981da6e6970587f8649396140c9c471f941f19641dee17add467f95a702489c35b124208fd4125370b35ef9fd2453ccc6d3cdaebaff62c4c8d5a3985e1436f6f2d9a8bd0aba617611f32c53ce60501a292b916f06f7e25ff167cbddbbba5c18949280d60d596684386d1ff97bc129b66f6ba87ecaa3af29ceab12f0eb85d655568aef60f24dd682637d31fdc76d577b0f99817b5703a3c9441f63bd239878677bfa31f9172ebe2e0f96a265efd4b45c57ea39b6335ef6eb35b4c2ed2907884b36bfd7f34efa3ba137032d460c09f04e2a58b46bb8e574ae81e387b082f2a83712656a07ea4c0e1c8878b24b34897c24d6c23e0f5ca075d1407dd74cf0baf4cdbb3c26bcee2d3d6df01641af82c88620c53cbe9b18aedef86a699700441967776a2ac7eb6e0847bbb8073e6239ffefbaeb216de09c542450ac717a0e8977fc4d5cd128659e2503ae4db9d8349f9440ad03ae6841827f42feb60b3fe04eff26bb97779b2a10f42d9f36caa0650457a73f96f15f1f793a9d5309926cd2f76324ce4b84666a1cc2119928be576e210ee04fe6db619bc86c0898fc4c142f5306d693239de8cca78a8a7b8abe733e984c410832023acbc83a8925c2c24b5d87e406ce30f1a55acc2ae05cc41cb71351a9db0902c1871682c29f66ddbe52859e8b1410e6340d4619b375a2c53a74aaf7fc5be19b27ad23e9e26843832010536a31b9cdfeb493bcd435c0ce629d087afaaaab8ba602d215d54bbdf46a59ccd1becbab95f05a7adcf2ef0356ce5a2fbbc66f4498adcf5a0b20b238d4473c6120c17a6394cc48b13aaf8e4cf896b6ea9572751d7a56cd441e9428d64b45743d1cf1129ef92fdd1dd2b1dbffc947ef6c80aa137020fd890ddd08f16f0ae6b56048684cf4dcf0bb11eef38c8e0d07688c6af64b30eba21932206a7e86d96ecb56b5825705d3298f986b5629e31a8c289fe38fa32100bfb40deec489ea7ce3559b2ff8f465d59bb2d948242fbec192e2bbc61eb19b7539d96f70fe7c53ae07d60ca39828ff3294f1217a63594503e40ebc1af3f60623aa67b06449bd7dbac128f797427064d6dccd20c451a71177da258600271e8d10b7386bc71aca20f583248b318282f5e14b7ef6210f11ecf5f8979fd8dbae1ad5eea4c632c1669e853a560ab2ae6ea756fe17d744582ecec14dfa8795a93d9e39560a570ddb245f8c766e02da4f6742d8b67d8a334cd196c7618623c0e578326336ee79358090d46932dff0b199118bdb4ac5747ce64fac271124179a475706dffe5e9bad4318dc3b7e817615e1f3988cbcca7ed0466e2cd39247fff549c304088291d01beb99279925cc09eee3b65fb8785ade1de3f129204784bb9f87a033fbc7fad15282c183c854ffb4b32a427fe7f99f438c3210167b6c5e452eb27978e50df58de9e66cf2414ff93e0f20ca8a29c1933457eed4390878356790e4837896d81798e9ffdbcdd33925820de42decbe015d9337f2fa27e4123b37dcdb5e8cf7a2d29479e3af78c9b44b1d3e64efbf0009fbeae0e6370863bfae0002af0950437eab3bc027c07151e15d4df1c7620b9dede9c72c429bf3c2297ee8fd85faf3e9da8892607e0ac600202e58e28c900d22beb0cb6b2584e6a2c4629bb621ddaa38aaa5d1952e1e23f4637244d914abebd328af984a3b8f1072f16916e88afe6def5a01e912f91db97248d064f108e7bc34e69f6382f6ea626f89914cb40254d65c428537e60f52fb0fd5a7cc23ec7b7d24b7d8e9c5de11ce8a30e069abff5a2d21002cc0ad0bb8e98547c314c885b84ca175a661e313c9867e6aeeddcdb341ca49ddcf82f8e1d9501c5d14645f8449591449b25fbd19bd9c60b5f5eca1be80a2269771cd92b446a82fbb1fdfd005da9021e8c44cf8d229b25dd8706510346b136967ba5f339d64f1c98cb745427213df2d109f708d6838384b77675d75105473c2d558b1e1f7629177e6b4b06b7f7adc3e67d1a9a2716affbe97c0073490a665fbc684e38dd1c30921f9cf154925c834a95082ea29c3fcdf70eeeb08ee16b3e442de7fbd736f9b1b87e0f4446650cdd6236ce53435e38fe41af86c9149693a4af32360d5e412ca54954e7943e5c68d2f2122b7011d36bc7a0d33ed42147bf25a7b8252852cddbb4c4d0ba6f54b9e97e6eaeb7efc061b378c7ccd47b95d8b8ac1ce3345c14c7c3a63ab4a73ddc08412fa43a3bced65ea0af997a119b3ec00b845200e1a04e27f9c86f0606aa916e43e679cc6dbfd00a2cbc2158e004d91497dc09e1776ae3364c46a0256168086dabf94d5fd9c114e07d66c6afef34729c6ebaab844a9886f68360c7271fa7542a3fc1374206890a3dc1e47a3b31e918bc90c727f11fb4a8d52ea33b409b5fe6b2450a66ff6b064c9c4da26c8cff9d1c453760cb2548b4311ea354ec1ce3cddcf512150d22ca5acff0e635d4506c9f1c96043b6b1acff45b33faa900548514e1dd9775c08a3eecbfa68f96d18f8e93065c370c5dac6f34c303b5ab0dd8078c656bf67c6832b1a9dc1bcee2d3eb6228f804a0c8741ebd590f623d5aad54d3138c14448bea76d97c8b837dfaaec3d9728e0145a6f3dc8daa3fcb8e619cf3f6e3d9f677ddcfcf9f8e0e3f34e27b6d1ca15a870125f67c8868908b88b5009d9a2c8d249951f3544785ac1fdea43d4f133e433c8a50872a47f95f22758f3ca7e6353cc7220fff36ba367a22d0496c2685d9b34c34623aae5eefa45e9854d02c292ee9665592e5b435ef31cb605470b246fc533d737b90e2956e4022eb6a3b380143c44d733a31c51c518ab4a2281c5282cb2ed24c5e4252bdd87a362a0db44fab63470443c811d8256a1b71d3f6828c54f85dfc33e72228d877b9dbe721a67e70d32552df81a165cb01d102d1bcb9ec98967dd0aa4a9a402e88e0d5dd7760e32fa88df4e212ff326200a748508efa341de7ba2fb8f3be107437cda838b74f866807dee6d437b91f4caf8d9b832f34dbd8182b892c2f95f4f7f25be9e3f9b335cc715b43f57fc4be6c58ca54045081e5192ff535c0a64537a06c4d7fc60958d48cef46845c3e8ac2f91e47ffd21ef94e432505384b8410e0e6f85e63eb3f5f72c11737f722ae3e986e3ee9d10ab9bdc020f23371425f745d1f19257e121079e21a4f5a0f36b0db6aa3ba5ebd99a20a2a6c73e023081ebe7c6da3580e15795f2bf9d6e55ea3739058ebb8063c2a9448e628b41fd7db6bb9319cde4f3a151f372ddc4bbaa2f69ae69d3f2503f77e53be960b9d185cb39ab6ea19fc207457bdc9adba659b9ff5a77d549afe79c71bb1d7cd723c4e92204d3dcf26cd34a1e150d38f490fb55195897decfd33de5d4f1a36de196e5405f331d428541fa3434691074c583d8421f59452479ec40e1accc7e5155eb4760c0c798e82076bbb07aea1a56508a53439b1bb2d2eb42befcb6a64dd32470ae08c2b500b186d28e9c6516f02e0321d2b7d060b43a07ee537835656ac6c142b9e392d292ab6f0feca72861b5747ecae26dcd345b3cbd2bb38f4224f5f8d206d8bd46fbdeb135402ecd44cd659e06f994b1233074568a2e7d63857819fd505bd1319c0de21ff389016ae910ab06205122a757ab12fff10ce99af9e95d18e1a2f892e2e977d7c0b7f47ff61b98bbfe9cfea9b86e56fd34b94b0d2ac74104c68d937d7ee480a2b2d1534a3d4cff17320c940825a42255329423f18a863dd3887a6fbe938c7b24654b71fc57ee588b7a14ec133979497af2a251274f0008d9fe2d61e2e7c8fd480c07fa9eb923dab04cdecb9681f0babf092bea", 0xda0}, {&(0x7f0000001280)="aa948f56e61adb364206e4f5f2ff790e931b6e1a765dad8c18867fa58d13eb440889e7382158721e0c411bba48d0077ec0e1fc34689c612d1c7581f3d2ffe896372a89f3fece301254047fa1f0c020f3b315b88eebe4f0226b221bfdc8861c842f58279d23c2f06111e53a16c4cacd37b8c3ff8101dabdbf71b3a3134c9e3f3dfce9b1aeb5d2", 0x86, 0x5}], 0x4801, 0x0)

09:23:12 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  361.021993][ T2520] blk_update_request: I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  361.033056][T10655] EXT4-fs (loop6): unable to read superblock
[  361.052176][   T27] audit: type=1804 audit(1582276993.154:177): pid=10657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/100/file0/bus" dev="loop2" ino=61 res=1
09:23:13 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)

09:23:13 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xffffff77)

09:23:13 executing program 3:
perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
open(0x0, 0x0, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{}, 0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4802, 0x0)

09:23:13 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  361.352014][T10661] cgroup: fork rejected by pids controller in /syz1
[  361.423510][T10667] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  361.493636][T10667] EXT4-fs (loop3): group descriptors corrupted!
09:23:13 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, 0x0, 0x0)

09:23:13 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:13 executing program 3:
perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0)
open(0x0, 0x0, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{}, 0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4802, 0x0)

09:23:13 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r9 = dup(0xffffffffffffffff)
write$cgroup_int(r9, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:13 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, 0x0, 0x0)

[  361.842407][ T8979] attempt to access beyond end of device
[  361.877632][ T8979] loop2: rw=1, want=78, limit=63
[  361.900459][ T8979] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  361.926224][ T8979] attempt to access beyond end of device
[  361.963403][ T8979] loop2: rw=1, want=79, limit=63
[  362.015658][ T8979] Buffer I/O error on dev loop2, logical block 78, lost async page write
[  362.052562][ T8979] attempt to access beyond end of device
[  362.084582][ T8979] loop2: rw=1, want=80, limit=63
[  362.116101][ T8979] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  362.152586][T10900] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
09:23:14 executing program 1:
socket$inet6(0xa, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300))
sched_setattr(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_type(r0, 0x0, 0x0)

[  362.166098][ T8979] attempt to access beyond end of device
[  362.172297][T10900] EXT4-fs (loop3): group descriptors corrupted!
[  362.183355][ T8979] loop2: rw=1, want=81, limit=63
[  362.207195][ T8979] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  362.225752][ T8979] attempt to access beyond end of device
[  362.276745][ T8979] loop2: rw=1, want=130, limit=63
[  362.302076][ T8979] Buffer I/O error on dev loop2, logical block 129, lost async page write
09:23:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000003e80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x10}], 0x10}}], 0x1, 0x0)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5)
sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x1}], 0x1}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "ed"}], 0x18}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="5000000031003806000000000000000000000000100001000c00000008000300000000002c000100100000000900010076000008000300000000000c0000000800030000000000"], 0x50}}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x20000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  362.351701][ T8979] attempt to access beyond end of device
[  362.380734][ T8979] loop2: rw=1, want=131, limit=63
[  362.402680][ T8979] Buffer I/O error on dev loop2, logical block 130, lost async page write
[  362.422400][ T8979] attempt to access beyond end of device
[  362.432647][ T8979] loop2: rw=1, want=132, limit=63
[  362.438048][ T8979] Buffer I/O error on dev loop2, logical block 131, lost async page write
[  362.446969][ T8979] attempt to access beyond end of device
[  362.457767][ T8979] loop2: rw=1, want=133, limit=63
[  362.463380][ T8979] Buffer I/O error on dev loop2, logical block 132, lost async page write
[  362.502375][ T8979] attempt to access beyond end of device
[  362.531332][ T8979] loop2: rw=1, want=142, limit=63
[  362.548420][ T8979] Buffer I/O error on dev loop2, logical block 141, lost async page write
[  362.604334][ T8979] attempt to access beyond end of device
[  362.629990][ T8979] loop2: rw=1, want=143, limit=63
[  362.642836][ T8979] Buffer I/O error on dev loop2, logical block 142, lost async page write
09:23:14 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)

09:23:14 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:14 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9000000012001fff000000002000000000000000", @ANYRES32=0x0, @ANYBLOB="ed01060000000000680012800b000100697036746e6c000058000280080008002c00000004001300060012000001000014000200fe8000000000000000000000000000aa0800080001000000080014002000000014000300ff02000000000000000000000000000108000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="56d5a3faf4ceefd48b8e1a2b6db4fb5e8c27a1c4d7075dc9e6d30db21dbb84e16579d36010d794832fa89c39d6005cc41be50b53ce821aeea7bd857b44793dca6f22a997ba1681c7bbbcfdfbf013a9599c9287b40cb05ae9f6a0e9e012a6996ccb8296061b8e37048e174dcf28a350d61ce725cb104f59fb5334d4db8ac410773100"/142], 0x90}}, 0x0)

[  362.656297][ T8979] attempt to access beyond end of device
[  362.664884][ T8979] loop2: rw=1, want=144, limit=63
[  362.670840][ T8979] attempt to access beyond end of device
[  362.676775][ T8979] loop2: rw=1, want=145, limit=63
[  362.690460][ T8979] attempt to access beyond end of device
09:23:14 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r9 = dup(0xffffffffffffffff)
write$cgroup_int(r9, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  362.707803][ T8979] loop2: rw=1, want=2793, limit=63
09:23:14 executing program 1:
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x20c800, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000300)={@ipv4={[], [], @rand_addr=0x7135af3f}, 0x8001, 0x0, 0xff, 0x0, 0x2a, 0x20}, &(0x7f0000000340)=0x20)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0)
r5 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x201, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b808000030090000616d6f6e670000000000000000000000000000000000000000000000000000002008000000000000140400000c000000000000000aaaaaa900000000000000000000000000000000000000000000000000000000000000000800"/513]}, 0x279)

09:23:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000003e80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x10}], 0x10}}], 0x1, 0x0)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5)
sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000440)="c4", 0x1}], 0x1}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[{0x18, 0x84, 0x0, "ed"}], 0x18}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="5000000031003806000000000000000000000000100001000c00000008000300000000002c000100100000000900010076000008000300000000000c0000000800030000000000"], 0x50}}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x20000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  363.109930][   T27] kauditd_printk_skb: 1 callbacks suppressed
[  363.109950][   T27] audit: type=1804 audit(1582276995.214:179): pid=11249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/101/file0/bus" dev="loop2" ino=62 res=1
[  363.186040][   T27] audit: type=1804 audit(1582276995.264:180): pid=11250 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/101/file0/bus" dev="loop2" ino=62 res=1
09:23:15 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffc}]})
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
utimensat(r0, 0x0, 0x0, 0x0)

09:23:15 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1})
fcntl$lock(r0, 0x24, &(0x7f0000000080))

[  363.562924][   T27] audit: type=1326 audit(1582276995.664:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11357 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
[  363.785781][ T8979] attempt to access beyond end of device
[  363.791917][ T8979] loop2: rw=1, want=78, limit=63
[  363.796985][ T8979] attempt to access beyond end of device
[  363.806816][ T8979] loop2: rw=1, want=79, limit=63
[  363.812521][ T8979] attempt to access beyond end of device
[  363.827890][ T8979] loop2: rw=1, want=80, limit=63
[  363.835455][ T8979] attempt to access beyond end of device
[  363.852264][ T8979] loop2: rw=1, want=81, limit=63
[  363.860788][ T8979] attempt to access beyond end of device
[  363.866797][ T8979] loop2: rw=1, want=130, limit=63
[  363.872375][ T8979] attempt to access beyond end of device
[  363.878521][ T8979] loop2: rw=1, want=131, limit=63
[  363.883860][ T8979] attempt to access beyond end of device
[  363.889878][ T8979] loop2: rw=1, want=132, limit=63
[  363.895244][ T8979] attempt to access beyond end of device
[  363.901640][ T8979] loop2: rw=1, want=133, limit=63
[  363.907108][ T8979] attempt to access beyond end of device
[  363.917855][ T8979] loop2: rw=1, want=142, limit=63
[  363.923058][ T8979] attempt to access beyond end of device
[  363.930511][ T8979] loop2: rw=1, want=143, limit=63
[  363.935928][ T8979] attempt to access beyond end of device
[  363.941993][ T8979] loop2: rw=1, want=144, limit=63
[  363.947415][ T8979] attempt to access beyond end of device
[  363.953734][ T8979] loop2: rw=1, want=145, limit=63
[  363.963237][ T8979] attempt to access beyond end of device
[  363.972338][ T8979] loop2: rw=1, want=2257, limit=63
[  363.980025][ T8979] attempt to access beyond end of device
09:23:16 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)

09:23:16 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
r9 = dup(0xffffffffffffffff)
write$cgroup_int(r9, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000300))

09:23:16 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  363.985940][ T8979] loop2: rw=1, want=2319, limit=63
09:23:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000300))

[  364.266195][   T27] audit: type=1804 audit(1582276996.364:182): pid=11386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/102/file0/bus" dev="loop2" ino=63 res=1
[  364.321672][   T27] audit: type=1326 audit(1582276996.414:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11357 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45f28a code=0xffff0000
09:23:16 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:16 executing program 3:
r0 = socket(0x10, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='mountstats\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r0, r1, 0x0, 0x80000008000000b)

09:23:16 executing program 1:
clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
readv(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0xd0, 0x0, 0xd0, 0x0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@ip={@local, @multicast1, 0x0, 0xffffffff, 'veth1_to_team\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @dev, 0x0, 0x0, [0x0, 0x0, 0x24]}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280)

[  364.450559][   T27] audit: type=1804 audit(1582276996.424:184): pid=11390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/102/file0/bus" dev="loop2" ino=63 res=1
[  364.702017][T11498] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
[  364.752630][T11498] x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
09:23:16 executing program 3:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0)

09:23:17 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:17 executing program 3:
r0 = socket$inet6(0xa, 0x80003, 0x67)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000006440)={0x0, 0x0, &(0x7f0000006400)={&(0x7f0000006240)={0x2c, r2, 0x205, 0x0, 0x0, {0x6}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}]}, 0x2c}}, 0x0)

[  365.100047][  T346] attempt to access beyond end of device
[  365.105925][  T346] loop2: rw=1, want=78, limit=63
[  365.149239][  T346] attempt to access beyond end of device
[  365.154918][  T346] loop2: rw=1, want=79, limit=63
[  365.273704][  T346] attempt to access beyond end of device
[  365.309871][  T346] loop2: rw=1, want=80, limit=63
[  365.314857][  T346] attempt to access beyond end of device
[  365.388764][  T346] loop2: rw=1, want=81, limit=63
[  365.393773][  T346] attempt to access beyond end of device
[  365.433117][T11370] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  365.451855][  T346] loop2: rw=1, want=130, limit=63
[  365.456917][  T346] attempt to access beyond end of device
[  365.462807][T11370] CPU: 1 PID: 11370 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  365.471476][T11370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  365.481574][T11370] Call Trace:
[  365.484924][T11370]  dump_stack+0x11d/0x181
[  365.489330][T11370]  dump_header+0xaa/0x39c
[  365.493757][T11370]  oom_kill_process.cold+0x10/0x15
[  365.498912][T11370]  out_of_memory+0x231/0xa60
[  365.504796][T11370]  mem_cgroup_out_of_memory+0x128/0x150
[  365.506662][  T346] loop2: rw=1, want=131, limit=63
[  365.510355][T11370]  try_charge+0xb6c/0xbf0
[  365.510452][T11370]  mem_cgroup_try_charge+0xd2/0x260
[  365.515447][  T346] attempt to access beyond end of device
[  365.519855][T11370]  mem_cgroup_try_charge_delay+0x3a/0x80
[  365.519931][T11370]  __handle_mm_fault+0x197f/0x2e00
[  365.525814][  T346] loop2: rw=1, want=132, limit=63
[  365.530708][T11370]  ? apic_timer_interrupt+0xa/0x20
[  365.530746][T11370]  handle_mm_fault+0x21b/0x530
[  365.530852][T11370]  __get_user_pages+0x485/0x1130
[  365.536460][  T346] attempt to access beyond end of device
[  365.541605][T11370]  populate_vma_page_range+0xe6/0x100
[  365.541634][T11370]  __mm_populate+0x168/0x2a0
[  365.546669][  T346] loop2: rw=1, want=133, limit=63
[  365.551798][T11370]  __x64_sys_mremap+0x5df/0x750
[  365.551843][T11370]  do_syscall_64+0xcc/0x3a0
[  365.556652][  T346] attempt to access beyond end of device
[  365.561539][T11370]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  365.561551][T11370] RIP: 0033:0x45c449
[  365.561657][T11370] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  365.567234][  T346] loop2: rw=1, want=142, limit=63
[  365.572541][T11370] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  365.572558][T11370] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  365.572567][T11370] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  365.572577][T11370] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  365.572608][T11370] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  365.577188][  T346] attempt to access beyond end of device
[  365.582312][T11370] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  365.590854][T11370] memory: usage 307200kB, limit 307200kB, failcnt 81
[  365.598716][  T346] loop2: rw=1, want=143, limit=63
[  365.603825][T11370] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  365.607391][  T346] attempt to access beyond end of device
[  365.630739][T11370] Memory cgroup stats for /syz4:
[  365.633488][T11370] anon 310214656
[  365.633488][T11370] file 114688
[  365.633488][T11370] kernel_stack 331776
[  365.633488][T11370] slab 659456
[  365.633488][T11370] sock 0
[  365.633488][T11370] shmem 0
[  365.633488][T11370] file_mapped 0
[  365.633488][T11370] file_dirty 0
[  365.633488][T11370] file_writeback 0
[  365.633488][T11370] anon_thp 268435456
[  365.633488][T11370] inactive_anon 256339968
[  365.633488][T11370] active_anon 8187904
[  365.633488][T11370] inactive_file 0
[  365.633488][T11370] active_file 0
[  365.633488][T11370] unevictable 45817856
[  365.633488][T11370] slab_reclaimable 135168
[  365.633488][T11370] slab_unreclaimable 524288
[  365.633488][T11370] pgfault 28281
[  365.633488][T11370] pgmajfault 0
[  365.633488][T11370] workingset_refault 0
[  365.633488][T11370] workingset_activate 0
[  365.633488][T11370] workingset_nodereclaim 0
[  365.633488][T11370] pgrefill 0
[  365.633488][T11370] pgscan 0
[  365.633488][T11370] pgsteal 0
[  365.633488][T11370] pgactivate 0
[  365.640774][  T346] loop2: rw=1, want=144, limit=63
[  365.640802][  T346] attempt to access beyond end of device
[  365.640814][  T346] loop2: rw=1, want=145, limit=63
[  365.644975][  T346] attempt to access beyond end of device
[  365.652480][T11370] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11366,uid=0
[  365.656973][  T346] loop2: rw=1, want=2217, limit=63
[  365.665860][T11370] Memory cgroup out of memory: Killed process 11366 (syz-executor.4) total-vm:74828kB, anon-rss:12952kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  365.675604][  T346] attempt to access beyond end of device
[  365.874381][  T346] loop2: rw=1, want=2693, limit=63
09:23:18 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)

09:23:18 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:18 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
dup(0xffffffffffffffff)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x80)
lseek(0xffffffffffffffff, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:18 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2400a480, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "f80000005d00c883"}, 0x28)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8)

09:23:18 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  366.458161][    C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
09:23:18 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x80)
lseek(0xffffffffffffffff, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  366.609530][T11632] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  366.621374][T11632] CPU: 1 PID: 11632 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  366.630073][T11632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  366.640213][T11632] Call Trace:
[  366.643509][T11632]  dump_stack+0x11d/0x181
[  366.647911][T11632]  dump_header+0xaa/0x39c
[  366.652253][T11632]  oom_kill_process.cold+0x10/0x15
[  366.657453][T11632]  out_of_memory+0x231/0xa60
[  366.662058][T11632]  mem_cgroup_out_of_memory+0x128/0x150
[  366.667648][T11632]  try_charge+0xb6c/0xbf0
[  366.672191][T11632]  mem_cgroup_try_charge+0xd2/0x260
[  366.677459][T11632]  mem_cgroup_try_charge_delay+0x3a/0x80
[  366.683108][T11632]  __handle_mm_fault+0x197f/0x2e00
[  366.688246][T11632]  handle_mm_fault+0x21b/0x530
[  366.693026][T11632]  __get_user_pages+0x485/0x1130
[  366.697981][T11632]  populate_vma_page_range+0xe6/0x100
[  366.703411][T11632]  __mm_populate+0x168/0x2a0
[  366.708013][T11632]  __x64_sys_mlockall+0x2e3/0x320
[  366.713056][T11632]  do_syscall_64+0xcc/0x3a0
[  366.717619][T11632]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  366.723502][T11632] RIP: 0033:0x45c449
[  366.727405][T11632] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  366.747009][T11632] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  366.755430][T11632] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  366.763430][T11632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  366.771403][T11632] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  366.779377][T11632] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  366.787350][T11632] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  366.800441][T11632] memory: usage 307200kB, limit 307200kB, failcnt 105
[  366.807272][T11632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  366.815364][T11632] Memory cgroup stats for /syz4:
[  366.815556][T11632] anon 310280192
[  366.815556][T11632] file 114688
[  366.815556][T11632] kernel_stack 368640
[  366.815556][T11632] slab 659456
[  366.815556][T11632] sock 0
[  366.815556][T11632] shmem 0
[  366.815556][T11632] file_mapped 0
[  366.815556][T11632] file_dirty 0
[  366.815556][T11632] file_writeback 0
[  366.815556][T11632] anon_thp 270532608
[  366.815556][T11632] inactive_anon 262483968
09:23:19 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:19 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  366.815556][T11632] active_anon 8187904
[  366.815556][T11632] inactive_file 0
[  366.815556][T11632] active_file 0
[  366.815556][T11632] unevictable 39845888
[  366.815556][T11632] slab_reclaimable 135168
[  366.815556][T11632] slab_unreclaimable 524288
[  366.815556][T11632] pgfault 28941
[  366.815556][T11632] pgmajfault 0
[  366.815556][T11632] workingset_refault 0
[  366.815556][T11632] workingset_activate 0
[  366.815556][T11632] workingset_nodereclaim 0
[  366.815556][T11632] pgrefill 0
[  366.815556][T11632] pgscan 0
[  366.815556][T11632] pgsteal 0
[  366.815556][T11632] pgactivate 0
[  366.912337][T11632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9919,uid=0
[  366.928380][T11632] Memory cgroup out of memory: Killed process 9919 (syz-executor.4) total-vm:74960kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[  366.966775][  T696] oom_reaper: reaped process 9919 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
09:23:19 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:19 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(0xffffffffffffffff, 0x80)
lseek(0xffffffffffffffff, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:19 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:19 executing program 3:
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
listen(r0, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0)

09:23:19 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:19 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
socket(0x1000000010, 0x400000400080803, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:19 executing program 0:
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:20 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:20 executing program 3:
pipe2(0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0xfe16)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in=@broadcast}}, {{@in=@remote}}}, 0x0)
setuid(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000740)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$TIOCGDEV(r0, 0x80045432, 0x0)

09:23:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  368.046854][T11700] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  368.112998][T11700] CPU: 0 PID: 11700 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  368.122039][T11700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  368.132217][T11700] Call Trace:
[  368.135526][T11700]  dump_stack+0x11d/0x181
[  368.139929][T11700]  dump_header+0xaa/0x39c
[  368.144423][T11700]  oom_kill_process.cold+0x10/0x15
[  368.149548][T11700]  out_of_memory+0x231/0xa60
[  368.154211][T11700]  mem_cgroup_out_of_memory+0x128/0x150
[  368.159794][T11700]  try_charge+0xb6c/0xbf0
[  368.164179][T11700]  mem_cgroup_try_charge+0xd2/0x260
[  368.169410][T11700]  mem_cgroup_try_charge_delay+0x3a/0x80
[  368.175063][T11700]  __handle_mm_fault+0x197f/0x2e00
[  368.180263][T11700]  handle_mm_fault+0x21b/0x530
[  368.185040][T11700]  __get_user_pages+0x485/0x1130
[  368.190111][T11700]  populate_vma_page_range+0xe6/0x100
[  368.195523][T11700]  __mm_populate+0x168/0x2a0
[  368.200171][T11700]  __x64_sys_mlockall+0x2e3/0x320
[  368.205236][T11700]  do_syscall_64+0xcc/0x3a0
[  368.209752][T11700]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  368.215656][T11700] RIP: 0033:0x45c449
[  368.219567][T11700] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  368.239231][T11700] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  368.247755][T11700] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  368.255868][T11700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
09:23:20 executing program 0:
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:20 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:20 executing program 3:
pipe2(0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0xfe16)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in=@broadcast}}, {{@in=@remote}}}, 0x0)
setuid(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000740)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$TIOCGDEV(r0, 0x80045432, 0x0)

[  368.263836][T11700] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  368.271825][T11700] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  368.279811][T11700] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  368.326822][   T27] audit: type=1804 audit(1582277000.424:185): pid=11712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/106/bus" dev="sda1" ino=16659 res=1
09:23:20 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  368.424592][   T27] audit: type=1804 audit(1582277000.464:186): pid=11712 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/106/bus" dev="sda1" ino=16659 res=1
09:23:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:20 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  368.513900][T11700] memory: usage 307200kB, limit 307200kB, failcnt 162
[  368.522117][T11700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  368.534585][T11700] Memory cgroup stats for /syz4:
[  368.534899][T11700] anon 310337536
[  368.534899][T11700] file 114688
[  368.534899][T11700] kernel_stack 331776
[  368.534899][T11700] slab 659456
[  368.534899][T11700] sock 0
[  368.534899][T11700] shmem 0
[  368.534899][T11700] file_mapped 0
[  368.534899][T11700] file_dirty 0
[  368.534899][T11700] file_writeback 0
[  368.534899][T11700] anon_thp 274726912
[  368.534899][T11700] inactive_anon 261513216
[  368.534899][T11700] active_anon 6971392
[  368.534899][T11700] inactive_file 0
[  368.534899][T11700] active_file 0
[  368.534899][T11700] unevictable 42078208
[  368.534899][T11700] slab_reclaimable 135168
[  368.534899][T11700] slab_unreclaimable 524288
[  368.534899][T11700] pgfault 31119
[  368.534899][T11700] pgmajfault 0
[  368.534899][T11700] workingset_refault 0
[  368.534899][T11700] workingset_activate 0
[  368.534899][T11700] workingset_nodereclaim 0
[  368.534899][T11700] pgrefill 0
[  368.534899][T11700] pgscan 0
[  368.534899][T11700] pgsteal 0
[  368.534899][T11700] pgactivate 0
[  368.658589][T11700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11678,uid=0
[  368.687384][T11700] Memory cgroup out of memory: Killed process 11678 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  368.725397][   T27] audit: type=1804 audit(1582277000.824:187): pid=11730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/107/bus" dev="sda1" ino=16643 res=1
[  368.753616][   T27] audit: type=1804 audit(1582277000.854:188): pid=11730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/107/bus" dev="sda1" ino=16643 res=1
[  369.155666][T11700] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  369.165886][T11700] CPU: 1 PID: 11700 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  369.174705][T11700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.184743][T11700] Call Trace:
[  369.188023][T11700]  dump_stack+0x11d/0x181
[  369.192498][T11700]  dump_header+0xaa/0x39c
[  369.196859][T11700]  oom_kill_process.cold+0x10/0x15
[  369.201968][T11700]  out_of_memory+0x231/0xa60
[  369.206897][T11700]  mem_cgroup_out_of_memory+0x128/0x150
[  369.212445][T11700]  try_charge+0xb6c/0xbf0
[  369.216787][T11700]  mem_cgroup_try_charge+0xd2/0x260
[  369.222056][T11700]  mem_cgroup_try_charge_delay+0x3a/0x80
[  369.227834][T11700]  __handle_mm_fault+0x197f/0x2e00
[  369.234382][T11700]  handle_mm_fault+0x21b/0x530
[  369.239220][T11700]  __get_user_pages+0x485/0x1130
[  369.244370][T11700]  populate_vma_page_range+0xe6/0x100
[  369.249742][T11700]  __mm_populate+0x168/0x2a0
[  369.254360][T11700]  __x64_sys_mremap+0x5df/0x750
[  369.259210][T11700]  do_syscall_64+0xcc/0x3a0
[  369.263846][T11700]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  369.269737][T11700] RIP: 0033:0x45c449
[  369.273622][T11700] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  369.293215][T11700] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  369.301666][T11700] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  369.309651][T11700] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  369.317658][T11700] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  369.325632][T11700] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  369.333669][T11700] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  369.342643][T11700] memory: usage 307200kB, limit 307200kB, failcnt 220
[  369.349494][T11700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  369.356339][T11700] Memory cgroup stats for /syz4:
[  369.356446][T11700] anon 310300672
[  369.356446][T11700] file 114688
[  369.356446][T11700] kernel_stack 368640
[  369.356446][T11700] slab 794624
[  369.356446][T11700] sock 0
[  369.356446][T11700] shmem 0
[  369.356446][T11700] file_mapped 0
[  369.356446][T11700] file_dirty 0
[  369.356446][T11700] file_writeback 0
[  369.356446][T11700] anon_thp 272629760
[  369.356446][T11700] inactive_anon 255373312
[  369.356446][T11700] active_anon 6971392
[  369.356446][T11700] inactive_file 0
[  369.356446][T11700] active_file 0
[  369.356446][T11700] unevictable 48050176
[  369.356446][T11700] slab_reclaimable 135168
[  369.356446][T11700] slab_unreclaimable 659456
[  369.356446][T11700] pgfault 32538
[  369.356446][T11700] pgmajfault 0
[  369.356446][T11700] workingset_refault 0
[  369.356446][T11700] workingset_activate 0
[  369.356446][T11700] workingset_nodereclaim 0
[  369.356446][T11700] pgrefill 0
[  369.356446][T11700] pgscan 0
[  369.356446][T11700] pgsteal 0
[  369.356446][T11700] pgactivate 0
[  369.453606][T11700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11693,uid=0
[  369.469340][T11700] Memory cgroup out of memory: Killed process 11700 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  369.487289][  T696] oom_reaper: reaped process 11700 (syz-executor.4), now anon-rss:13068kB, file-rss:56420kB, shmem-rss:0kB
09:23:21 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:21 executing program 0:
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:21 executing program 3:

09:23:21 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
socket(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:21 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  369.702613][   T27] audit: type=1804 audit(1582277001.804:189): pid=11748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/108/bus" dev="sda1" ino=16897 res=1
[  369.812142][T11758] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  369.834019][T11758] CPU: 1 PID: 11758 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  369.842805][T11758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.852980][T11758] Call Trace:
[  369.856362][T11758]  dump_stack+0x11d/0x181
[  369.860716][T11758]  dump_header+0xaa/0x39c
[  369.865060][T11758]  oom_kill_process.cold+0x10/0x15
[  369.869079][   T27] audit: type=1804 audit(1582277001.804:190): pid=11748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/108/bus" dev="sda1" ino=16897 res=1
[  369.870267][T11758]  out_of_memory+0x231/0xa60
[  369.899060][T11758]  mem_cgroup_out_of_memory+0x128/0x150
[  369.904666][T11758]  try_charge+0xb6c/0xbf0
09:23:22 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  369.909039][T11758]  mem_cgroup_try_charge+0xd2/0x260
[  369.914372][T11758]  mem_cgroup_try_charge_delay+0x3a/0x80
[  369.920055][T11758]  __handle_mm_fault+0x197f/0x2e00
[  369.925208][T11758]  handle_mm_fault+0x21b/0x530
[  369.930007][T11758]  __get_user_pages+0x485/0x1130
[  369.934993][T11758]  populate_vma_page_range+0xe6/0x100
[  369.940388][T11758]  __mm_populate+0x168/0x2a0
[  369.945000][T11758]  __x64_sys_mlockall+0x2e3/0x320
[  369.950262][T11758]  do_syscall_64+0xcc/0x3a0
[  369.954773][T11758]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  369.960669][T11758] RIP: 0033:0x45c449
[  369.964752][T11758] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  369.984468][T11758] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  369.992883][T11758] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  370.000860][T11758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
09:23:22 executing program 3:

[  370.008869][T11758] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  370.017050][T11758] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  370.025080][T11758] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  370.042956][T11758] memory: usage 307200kB, limit 307200kB, failcnt 260
[  370.057853][T11758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  370.070243][   T27] audit: type=1804 audit(1582277002.174:191): pid=11767 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/109/bus" dev="sda1" ino=16754 res=1
[  370.080737][T11758] Memory cgroup stats for /syz4:
[  370.080965][T11758] anon 310415360
[  370.080965][T11758] file 114688
[  370.080965][T11758] kernel_stack 368640
[  370.080965][T11758] slab 794624
09:23:22 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  370.080965][T11758] sock 0
[  370.080965][T11758] shmem 0
[  370.080965][T11758] file_mapped 0
[  370.080965][T11758] file_dirty 0
[  370.080965][T11758] file_writeback 0
[  370.080965][T11758] anon_thp 274726912
[  370.080965][T11758] inactive_anon 261410816
[  370.080965][T11758] active_anon 6971392
[  370.080965][T11758] inactive_file 0
[  370.080965][T11758] active_file 0
[  370.080965][T11758] unevictable 42176512
[  370.080965][T11758] slab_reclaimable 135168
[  370.080965][T11758] slab_unreclaimable 659456
[  370.080965][T11758] pgfault 33231
[  370.080965][T11758] pgmajfault 0
[  370.080965][T11758] workingset_refault 0
[  370.080965][T11758] workingset_activate 0
[  370.080965][T11758] workingset_nodereclaim 0
[  370.080965][T11758] pgrefill 0
[  370.080965][T11758] pgscan 0
[  370.080965][T11758] pgsteal 0
[  370.080965][T11758] pgactivate 0
[  370.203479][T11758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11740,uid=0
09:23:22 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:22 executing program 3:

[  370.267825][   T27] audit: type=1804 audit(1582277002.294:192): pid=11810 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/109/bus" dev="sda1" ino=16754 res=1
[  370.304144][T11758] Memory cgroup out of memory: Killed process 11740 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  370.329831][  T696] oom_reaper: reaped process 11740 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  370.760145][T11758] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  370.770501][T11758] CPU: 0 PID: 11758 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  370.779176][T11758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  370.789375][T11758] Call Trace:
[  370.792692][T11758]  dump_stack+0x11d/0x181
[  370.797009][T11758]  dump_header+0xaa/0x39c
[  370.801328][T11758]  oom_kill_process.cold+0x10/0x15
[  370.806517][T11758]  out_of_memory+0x231/0xa60
[  370.811099][T11758]  mem_cgroup_out_of_memory+0x128/0x150
[  370.816634][T11758]  try_charge+0xb6c/0xbf0
[  370.820960][T11758]  mem_cgroup_try_charge+0xd2/0x260
[  370.826147][T11758]  mem_cgroup_try_charge_delay+0x3a/0x80
[  370.831812][T11758]  __handle_mm_fault+0x197f/0x2e00
[  370.837000][T11758]  handle_mm_fault+0x21b/0x530
[  370.841797][T11758]  __get_user_pages+0x485/0x1130
[  370.846876][T11758]  populate_vma_page_range+0xe6/0x100
[  370.852314][T11758]  __mm_populate+0x168/0x2a0
[  370.856894][T11758]  __x64_sys_mremap+0x5df/0x750
[  370.861736][T11758]  do_syscall_64+0xcc/0x3a0
[  370.866237][T11758]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  370.872111][T11758] RIP: 0033:0x45c449
[  370.876039][T11758] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  370.895744][T11758] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  370.904212][T11758] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  370.912228][T11758] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  370.920307][T11758] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  370.928484][T11758] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  370.936539][T11758] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  370.945764][T11758] memory: usage 307200kB, limit 307200kB, failcnt 309
[  370.952551][T11758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  370.959448][T11758] Memory cgroup stats for /syz4:
[  370.959708][T11758] anon 310300672
[  370.959708][T11758] file 114688
[  370.959708][T11758] kernel_stack 331776
[  370.959708][T11758] slab 794624
[  370.959708][T11758] sock 0
[  370.959708][T11758] shmem 0
[  370.959708][T11758] file_mapped 0
[  370.959708][T11758] file_dirty 0
[  370.959708][T11758] file_writeback 0
[  370.959708][T11758] anon_thp 272629760
[  370.959708][T11758] inactive_anon 255303680
[  370.959708][T11758] active_anon 6971392
[  370.959708][T11758] inactive_file 0
[  370.959708][T11758] active_file 0
[  370.959708][T11758] unevictable 48050176
[  370.959708][T11758] slab_reclaimable 135168
[  370.959708][T11758] slab_unreclaimable 659456
[  370.959708][T11758] pgfault 34683
[  370.959708][T11758] pgmajfault 0
[  370.959708][T11758] workingset_refault 0
[  370.959708][T11758] workingset_activate 0
[  370.959708][T11758] workingset_nodereclaim 0
[  370.959708][T11758] pgrefill 0
[  370.959708][T11758] pgscan 0
[  370.959708][T11758] pgsteal 0
[  370.959708][T11758] pgactivate 0
[  371.056530][T11758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11757,uid=0
[  371.072302][T11758] Memory cgroup out of memory: Killed process 11758 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  371.090482][  T696] oom_reaper: reaped process 11758 (syz-executor.4), now anon-rss:13056kB, file-rss:56420kB, shmem-rss:0kB
09:23:23 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:23 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:23 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:23 executing program 3:

09:23:23 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:23 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:23 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:23 executing program 3:

09:23:23 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  371.477536][   T27] audit: type=1804 audit(1582277003.574:193): pid=11839 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/110/bus" dev="sda1" ino=16916 res=1
09:23:23 executing program 3:

09:23:23 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  371.663401][   T27] audit: type=1804 audit(1582277003.614:194): pid=11839 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/110/bus" dev="sda1" ino=16916 res=1
[  371.681977][T11847] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  371.702550][T11847] CPU: 1 PID: 11847 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  371.711328][T11847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.721400][T11847] Call Trace:
[  371.724715][T11847]  dump_stack+0x11d/0x181
[  371.729079][T11847]  dump_header+0xaa/0x39c
[  371.733417][T11847]  oom_kill_process.cold+0x10/0x15
[  371.738551][T11847]  out_of_memory+0x231/0xa60
[  371.743237][T11847]  mem_cgroup_out_of_memory+0x128/0x150
[  371.748843][T11847]  try_charge+0xb6c/0xbf0
[  371.753217][T11847]  mem_cgroup_try_charge+0xd2/0x260
[  371.758442][T11847]  mem_cgroup_try_charge_delay+0x3a/0x80
[  371.764165][T11847]  __handle_mm_fault+0x197f/0x2e00
[  371.769353][T11847]  handle_mm_fault+0x21b/0x530
[  371.774183][T11847]  __get_user_pages+0x485/0x1130
[  371.779150][T11847]  populate_vma_page_range+0xe6/0x100
[  371.784551][T11847]  __mm_populate+0x168/0x2a0
[  371.789154][T11847]  __x64_sys_mlockall+0x2e3/0x320
[  371.794195][T11847]  do_syscall_64+0xcc/0x3a0
[  371.798815][T11847]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  371.804713][T11847] RIP: 0033:0x45c449
[  371.808654][T11847] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  371.828265][T11847] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  371.836689][T11847] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  371.845225][T11847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  371.853202][T11847] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  371.861194][T11847] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  371.869174][T11847] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  371.893085][T11847] memory: usage 307200kB, limit 307200kB, failcnt 318
[  371.900012][T11847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  371.907079][T11847] Memory cgroup stats for /syz4:
[  371.907219][T11847] anon 310415360
[  371.907219][T11847] file 114688
[  371.907219][T11847] kernel_stack 331776
[  371.907219][T11847] slab 794624
[  371.907219][T11847] sock 0
[  371.907219][T11847] shmem 0
[  371.907219][T11847] file_mapped 0
[  371.907219][T11847] file_dirty 0
[  371.907219][T11847] file_writeback 0
[  371.907219][T11847] anon_thp 274726912
[  371.907219][T11847] inactive_anon 261382144
[  371.907219][T11847] active_anon 6971392
[  371.907219][T11847] inactive_file 0
[  371.907219][T11847] active_file 0
[  371.907219][T11847] unevictable 42303488
[  371.907219][T11847] slab_reclaimable 135168
[  371.907219][T11847] slab_unreclaimable 659456
[  371.907219][T11847] pgfault 35343
[  371.907219][T11847] pgmajfault 0
[  371.907219][T11847] workingset_refault 0
[  371.907219][T11847] workingset_activate 0
[  371.907219][T11847] workingset_nodereclaim 0
[  371.907219][T11847] pgrefill 0
[  371.907219][T11847] pgscan 0
[  371.907219][T11847] pgsteal 0
[  371.907219][T11847] pgactivate 0
[  372.004012][T11847] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11827,uid=0
[  372.035062][T11847] Memory cgroup out of memory: Killed process 11827 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  372.343877][T11847] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  372.354139][T11847] CPU: 1 PID: 11847 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  372.362850][T11847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.373033][T11847] Call Trace:
[  372.376351][T11847]  dump_stack+0x11d/0x181
[  372.380677][T11847]  dump_header+0xaa/0x39c
[  372.385130][T11847]  oom_kill_process.cold+0x10/0x15
[  372.390239][T11847]  out_of_memory+0x231/0xa60
[  372.394855][T11847]  mem_cgroup_out_of_memory+0x128/0x150
[  372.400469][T11847]  try_charge+0xb6c/0xbf0
[  372.404906][T11847]  mem_cgroup_try_charge+0xd2/0x260
[  372.410107][T11847]  mem_cgroup_try_charge_delay+0x3a/0x80
[  372.415777][T11847]  __handle_mm_fault+0x197f/0x2e00
[  372.420968][T11847]  handle_mm_fault+0x21b/0x530
[  372.425732][T11847]  __get_user_pages+0x485/0x1130
[  372.430669][T11847]  populate_vma_page_range+0xe6/0x100
[  372.436069][T11847]  __mm_populate+0x168/0x2a0
[  372.440671][T11847]  __x64_sys_mremap+0x5df/0x750
[  372.445528][T11847]  do_syscall_64+0xcc/0x3a0
[  372.450026][T11847]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  372.455979][T11847] RIP: 0033:0x45c449
[  372.459868][T11847] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  372.479463][T11847] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  372.487867][T11847] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  372.495853][T11847] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  372.503854][T11847] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  372.511819][T11847] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  372.519794][T11847] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  372.528572][T11847] memory: usage 307200kB, limit 307200kB, failcnt 375
[  372.535343][T11847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  372.542302][T11847] Memory cgroup stats for /syz4:
[  372.542528][T11847] anon 310321152
[  372.542528][T11847] file 114688
[  372.542528][T11847] kernel_stack 368640
[  372.542528][T11847] slab 794624
[  372.542528][T11847] sock 0
[  372.542528][T11847] shmem 0
[  372.542528][T11847] file_mapped 0
[  372.542528][T11847] file_dirty 0
[  372.542528][T11847] file_writeback 0
[  372.542528][T11847] anon_thp 272629760
[  372.542528][T11847] inactive_anon 255356928
[  372.542528][T11847] active_anon 6971392
[  372.542528][T11847] inactive_file 0
[  372.542528][T11847] active_file 0
[  372.542528][T11847] unevictable 48050176
[  372.542528][T11847] slab_reclaimable 135168
[  372.542528][T11847] slab_unreclaimable 659456
[  372.542528][T11847] pgfault 36795
[  372.542528][T11847] pgmajfault 0
[  372.542528][T11847] workingset_refault 0
[  372.542528][T11847] workingset_activate 0
[  372.542528][T11847] workingset_nodereclaim 0
[  372.542528][T11847] pgrefill 0
[  372.542528][T11847] pgscan 0
[  372.542528][T11847] pgsteal 0
[  372.542528][T11847] pgactivate 0
[  372.639166][T11847] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11844,uid=0
[  372.654751][T11847] Memory cgroup out of memory: Killed process 11847 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  372.672632][  T696] oom_reaper: reaped process 11847 (syz-executor.4), now anon-rss:13044kB, file-rss:56420kB, shmem-rss:0kB
09:23:24 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:24 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:24 executing program 3:

09:23:24 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:24 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:25 executing program 3:

09:23:25 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  372.981349][T11882] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  372.991704][T11882] CPU: 1 PID: 11882 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  373.000386][T11882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  373.010453][T11882] Call Trace:
[  373.013840][T11882]  dump_stack+0x11d/0x181
[  373.018196][T11882]  dump_header+0xaa/0x39c
[  373.022611][T11882]  oom_kill_process.cold+0x10/0x15
[  373.027768][T11882]  out_of_memory+0x231/0xa60
[  373.032389][T11882]  mem_cgroup_out_of_memory+0x128/0x150
[  373.037968][T11882]  try_charge+0xb6c/0xbf0
[  373.043180][T11882]  mem_cgroup_try_charge+0xd2/0x260
[  373.048488][T11882]  mem_cgroup_try_charge_delay+0x3a/0x80
[  373.054220][T11882]  __handle_mm_fault+0x197f/0x2e00
[  373.059564][T11882]  handle_mm_fault+0x21b/0x530
[  373.064410][T11882]  __get_user_pages+0x485/0x1130
[  373.069411][T11882]  populate_vma_page_range+0xe6/0x100
[  373.074849][T11882]  __mm_populate+0x168/0x2a0
[  373.079488][T11882]  __x64_sys_mlockall+0x2e3/0x320
[  373.084537][T11882]  do_syscall_64+0xcc/0x3a0
[  373.089073][T11882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  373.095078][T11882] RIP: 0033:0x45c449
[  373.098991][T11882] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  373.118726][T11882] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
09:23:25 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:25 executing program 3:

[  373.127147][T11882] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  373.135141][T11882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  373.143129][T11882] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  373.151111][T11882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  373.159088][T11882] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  373.175393][T11882] memory: usage 307200kB, limit 307200kB, failcnt 397
[  373.182461][T11882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  373.194372][T11882] Memory cgroup stats for /syz4:
[  373.194547][T11882] anon 310415360
[  373.194547][T11882] file 114688
[  373.194547][T11882] kernel_stack 331776
[  373.194547][T11882] slab 794624
[  373.194547][T11882] sock 0
[  373.194547][T11882] shmem 0
[  373.194547][T11882] file_mapped 0
[  373.194547][T11882] file_dirty 0
[  373.194547][T11882] file_writeback 0
[  373.194547][T11882] anon_thp 274726912
[  373.194547][T11882] inactive_anon 261373952
[  373.194547][T11882] active_anon 6971392
[  373.194547][T11882] inactive_file 0
[  373.194547][T11882] active_file 0
[  373.194547][T11882] unevictable 42172416
[  373.194547][T11882] slab_reclaimable 135168
[  373.194547][T11882] slab_unreclaimable 659456
[  373.194547][T11882] pgfault 37488
[  373.194547][T11882] pgmajfault 0
[  373.194547][T11882] workingset_refault 0
[  373.194547][T11882] workingset_activate 0
[  373.194547][T11882] workingset_nodereclaim 0
[  373.194547][T11882] pgrefill 0
09:23:25 executing program 3:

09:23:25 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  373.194547][T11882] pgscan 0
[  373.194547][T11882] pgsteal 0
[  373.194547][T11882] pgactivate 0
[  373.293420][T11882] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11871,uid=0
[  373.309463][T11882] Memory cgroup out of memory: Killed process 11871 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  373.658456][T11882] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  373.689788][T11882] CPU: 0 PID: 11882 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  373.698505][T11882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  373.708703][T11882] Call Trace:
[  373.712008][T11882]  dump_stack+0x11d/0x181
[  373.716473][T11882]  dump_header+0xaa/0x39c
[  373.721099][T11882]  oom_kill_process.cold+0x10/0x15
[  373.726264][T11882]  out_of_memory+0x231/0xa60
[  373.730882][T11882]  mem_cgroup_out_of_memory+0x128/0x150
[  373.736439][T11882]  try_charge+0xb6c/0xbf0
[  373.740805][T11882]  mem_cgroup_try_charge+0xd2/0x260
[  373.746010][T11882]  mem_cgroup_try_charge_delay+0x3a/0x80
[  373.751643][T11882]  __handle_mm_fault+0x197f/0x2e00
[  373.756921][T11882]  handle_mm_fault+0x21b/0x530
[  373.761743][T11882]  __get_user_pages+0x485/0x1130
[  373.766688][T11882]  populate_vma_page_range+0xe6/0x100
[  373.772092][T11882]  __mm_populate+0x168/0x2a0
[  373.776680][T11882]  __x64_sys_mremap+0x5df/0x750
[  373.781611][T11882]  do_syscall_64+0xcc/0x3a0
[  373.786128][T11882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  373.792171][T11882] RIP: 0033:0x45c449
[  373.796057][T11882] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  373.815654][T11882] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  373.824218][T11882] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  373.832804][T11882] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  373.840867][T11882] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  373.848865][T11882] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  373.856842][T11882] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  373.866581][T11882] memory: usage 307128kB, limit 307200kB, failcnt 445
[  373.873629][T11882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  373.880943][T11882] Memory cgroup stats for /syz4:
[  373.881168][T11882] anon 310165504
[  373.881168][T11882] file 114688
[  373.881168][T11882] kernel_stack 368640
[  373.881168][T11882] slab 794624
[  373.881168][T11882] sock 0
[  373.881168][T11882] shmem 0
[  373.881168][T11882] file_mapped 0
[  373.881168][T11882] file_dirty 0
[  373.881168][T11882] file_writeback 0
[  373.881168][T11882] anon_thp 272629760
[  373.881168][T11882] inactive_anon 255352832
[  373.881168][T11882] active_anon 6971392
[  373.881168][T11882] inactive_file 0
[  373.881168][T11882] active_file 0
[  373.881168][T11882] unevictable 48050176
[  373.881168][T11882] slab_reclaimable 135168
[  373.881168][T11882] slab_unreclaimable 659456
[  373.881168][T11882] pgfault 38907
[  373.881168][T11882] pgmajfault 0
[  373.881168][T11882] workingset_refault 0
[  373.881168][T11882] workingset_activate 0
[  373.881168][T11882] workingset_nodereclaim 0
[  373.881168][T11882] pgrefill 0
[  373.881168][T11882] pgscan 0
[  373.881168][T11882] pgsteal 0
[  373.881168][T11882] pgactivate 0
[  373.979159][T11882] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11879,uid=0
[  373.994715][T11882] Memory cgroup out of memory: Killed process 11882 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  374.012975][  T696] oom_reaper: reaped process 11882 (syz-executor.4), now anon-rss:12968kB, file-rss:56420kB, shmem-rss:0kB
09:23:26 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:26 executing program 3:

09:23:26 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:26 executing program 2:
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:26 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:26 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:26 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:26 executing program 3:

[  374.298196][   T27] kauditd_printk_skb: 2 callbacks suppressed
[  374.298217][   T27] audit: type=1804 audit(1582277006.404:197): pid=11925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/112/bus" dev="sda1" ino=16932 res=1
[  374.375473][   T27] audit: type=1804 audit(1582277006.444:198): pid=11925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/112/bus" dev="sda1" ino=16932 res=1
[  374.453349][T11928] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  374.464138][T11928] CPU: 0 PID: 11928 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  374.472838][T11928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  374.482945][T11928] Call Trace:
[  374.486244][T11928]  dump_stack+0x11d/0x181
[  374.490604][T11928]  dump_header+0xaa/0x39c
[  374.494981][T11928]  oom_kill_process.cold+0x10/0x15
[  374.500275][T11928]  out_of_memory+0x231/0xa60
[  374.504891][T11928]  mem_cgroup_out_of_memory+0x128/0x150
[  374.510474][T11928]  try_charge+0xb6c/0xbf0
[  374.514834][T11928]  mem_cgroup_try_charge+0xd2/0x260
[  374.520045][T11928]  mem_cgroup_try_charge_delay+0x3a/0x80
[  374.525730][T11928]  __handle_mm_fault+0x197f/0x2e00
[  374.530884][T11928]  handle_mm_fault+0x21b/0x530
[  374.535706][T11928]  __get_user_pages+0x485/0x1130
[  374.540686][T11928]  populate_vma_page_range+0xe6/0x100
[  374.546272][T11928]  __mm_populate+0x168/0x2a0
[  374.551065][T11928]  __x64_sys_mlockall+0x2e3/0x320
[  374.556135][T11928]  do_syscall_64+0xcc/0x3a0
[  374.560736][T11928]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  374.566645][T11928] RIP: 0033:0x45c449
[  374.570559][T11928] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  374.590256][T11928] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  374.598821][T11928] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  374.606791][T11928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  374.615294][T11928] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  374.623266][T11928] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  374.631245][T11928] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  374.642042][T11928] memory: usage 307200kB, limit 307200kB, failcnt 455
[  374.648880][T11928] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  374.655726][T11928] Memory cgroup stats for /syz4:
[  374.655879][T11928] anon 310427648
[  374.655879][T11928] file 114688
[  374.655879][T11928] kernel_stack 368640
[  374.655879][T11928] slab 794624
[  374.655879][T11928] sock 0
[  374.655879][T11928] shmem 0
[  374.655879][T11928] file_mapped 0
[  374.655879][T11928] file_dirty 0
[  374.655879][T11928] file_writeback 0
[  374.655879][T11928] anon_thp 274726912
[  374.655879][T11928] inactive_anon 261435392
[  374.655879][T11928] active_anon 6971392
09:23:26 executing program 3:

[  374.655879][T11928] inactive_file 0
[  374.655879][T11928] active_file 0
[  374.655879][T11928] unevictable 42303488
[  374.655879][T11928] slab_reclaimable 135168
[  374.655879][T11928] slab_unreclaimable 659456
[  374.655879][T11928] pgfault 39600
[  374.655879][T11928] pgmajfault 0
[  374.655879][T11928] workingset_refault 0
[  374.655879][T11928] workingset_activate 0
[  374.655879][T11928] workingset_nodereclaim 0
[  374.655879][T11928] pgrefill 0
[  374.655879][T11928] pgscan 0
[  374.655879][T11928] pgsteal 0
[  374.655879][T11928] pgactivate 0
09:23:26 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  374.792088][T11928] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11902,uid=0
[  374.811283][T11928] Memory cgroup out of memory: Killed process 11902 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:27 executing program 2:
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:27 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  374.880275][  T696] oom_reaper: reaped process 11902 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  375.125356][   T27] audit: type=1804 audit(1582277007.224:199): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/113/bus" dev="sda1" ino=16609 res=1
[  375.188685][   T27] audit: type=1804 audit(1582277007.254:200): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/113/bus" dev="sda1" ino=16609 res=1
[  375.345053][T11928] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  375.355294][T11928] CPU: 0 PID: 11928 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  375.364115][T11928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  375.374409][T11928] Call Trace:
[  375.377709][T11928]  dump_stack+0x11d/0x181
[  375.382108][T11928]  dump_header+0xaa/0x39c
[  375.386519][T11928]  oom_kill_process.cold+0x10/0x15
[  375.391681][T11928]  out_of_memory+0x231/0xa60
[  375.396425][T11928]  mem_cgroup_out_of_memory+0x128/0x150
[  375.402098][T11928]  try_charge+0xb6c/0xbf0
[  375.406446][T11928]  mem_cgroup_try_charge+0xd2/0x260
[  375.411661][T11928]  mem_cgroup_try_charge_delay+0x3a/0x80
[  375.417360][T11928]  __handle_mm_fault+0x197f/0x2e00
[  375.422610][T11928]  handle_mm_fault+0x21b/0x530
[  375.427405][T11928]  __get_user_pages+0x485/0x1130
[  375.432367][T11928]  populate_vma_page_range+0xe6/0x100
[  375.437788][T11928]  __mm_populate+0x168/0x2a0
[  375.442389][T11928]  __x64_sys_mremap+0x5df/0x750
[  375.447248][T11928]  do_syscall_64+0xcc/0x3a0
[  375.451925][T11928]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  375.457806][T11928] RIP: 0033:0x45c449
[  375.461768][T11928] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  375.481651][T11928] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  375.490223][T11928] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  375.498199][T11928] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  375.506245][T11928] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  375.514326][T11928] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  375.522290][T11928] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  375.531666][T11928] memory: usage 307200kB, limit 307200kB, failcnt 516
[  375.538490][T11928] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  375.545465][T11928] Memory cgroup stats for /syz4:
[  375.545597][T11928] anon 310317056
[  375.545597][T11928] file 114688
[  375.545597][T11928] kernel_stack 368640
[  375.545597][T11928] slab 794624
[  375.545597][T11928] sock 0
[  375.545597][T11928] shmem 0
[  375.545597][T11928] file_mapped 0
[  375.545597][T11928] file_dirty 0
[  375.545597][T11928] file_writeback 0
[  375.545597][T11928] anon_thp 272629760
[  375.545597][T11928] inactive_anon 255434752
[  375.545597][T11928] active_anon 6971392
[  375.545597][T11928] inactive_file 0
[  375.545597][T11928] active_file 0
[  375.545597][T11928] unevictable 48050176
[  375.545597][T11928] slab_reclaimable 135168
[  375.545597][T11928] slab_unreclaimable 659456
[  375.545597][T11928] pgfault 41052
[  375.545597][T11928] pgmajfault 0
[  375.545597][T11928] workingset_refault 0
[  375.545597][T11928] workingset_activate 0
[  375.545597][T11928] workingset_nodereclaim 0
[  375.545597][T11928] pgrefill 0
[  375.545597][T11928] pgscan 0
[  375.545597][T11928] pgsteal 0
[  375.545597][T11928] pgactivate 0
[  375.643577][T11928] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11926,uid=0
[  375.659263][T11928] Memory cgroup out of memory: Killed process 11926 (syz-executor.4) total-vm:74828kB, anon-rss:12952kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  375.677257][  T696] oom_reaper: reaped process 11926 (syz-executor.4), now anon-rss:13044kB, file-rss:56420kB, shmem-rss:0kB
09:23:27 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:27 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:27 executing program 3:

09:23:27 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:27 executing program 2:
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:27 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:28 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  375.894795][   T27] audit: type=1804 audit(1582277007.994:201): pid=12056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/114/bus" dev="sda1" ino=16769 res=1
09:23:28 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:28 executing program 3:

[  375.987789][   T27] audit: type=1804 audit(1582277007.994:202): pid=12056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/114/bus" dev="sda1" ino=16769 res=1
09:23:28 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  376.147603][T12063] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  376.158792][T12063] CPU: 0 PID: 12063 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  376.167664][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  376.177895][T12063] Call Trace:
[  376.181200][T12063]  dump_stack+0x11d/0x181
[  376.185567][T12063]  dump_header+0xaa/0x39c
[  376.189962][T12063]  oom_kill_process.cold+0x10/0x15
[  376.195114][T12063]  out_of_memory+0x231/0xa60
[  376.199796][T12063]  mem_cgroup_out_of_memory+0x128/0x150
[  376.205418][T12063]  try_charge+0xb6c/0xbf0
[  376.209791][T12063]  mem_cgroup_try_charge+0xd2/0x260
[  376.215013][T12063]  mem_cgroup_try_charge_delay+0x3a/0x80
[  376.220668][T12063]  __handle_mm_fault+0x197f/0x2e00
[  376.223046][   T27] audit: type=1804 audit(1582277008.324:203): pid=12073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/115/file0/bus" dev="sda1" ino=16564 res=1
[  376.225828][T12063]  handle_mm_fault+0x21b/0x530
[  376.255771][T12063]  __get_user_pages+0x485/0x1130
[  376.260736][T12063]  populate_vma_page_range+0xe6/0x100
[  376.266571][T12063]  __mm_populate+0x168/0x2a0
[  376.271187][T12063]  __x64_sys_mlockall+0x2e3/0x320
[  376.276232][T12063]  do_syscall_64+0xcc/0x3a0
[  376.280840][T12063]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  376.286749][T12063] RIP: 0033:0x45c449
[  376.290808][T12063] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  376.310421][T12063] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  376.318843][T12063] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  376.326826][T12063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  376.334804][T12063] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
09:23:28 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:28 executing program 3:

[  376.342777][T12063] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  376.350761][T12063] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  376.386984][T12063] memory: usage 307192kB, limit 307200kB, failcnt 540
[  376.403041][T12063] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  376.415406][   T27] audit: type=1804 audit(1582277008.474:204): pid=12073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/115/file0/bus" dev="sda1" ino=16564 res=1
[  376.434394][T12063] Memory cgroup stats for /syz4:
[  376.434552][T12063] anon 310415360
[  376.434552][T12063] file 114688
[  376.434552][T12063] kernel_stack 368640
[  376.434552][T12063] slab 794624
[  376.434552][T12063] sock 0
[  376.434552][T12063] shmem 0
[  376.434552][T12063] file_mapped 0
[  376.434552][T12063] file_dirty 0
[  376.434552][T12063] file_writeback 0
[  376.434552][T12063] anon_thp 274726912
[  376.434552][T12063] inactive_anon 261451776
[  376.434552][T12063] active_anon 6971392
[  376.434552][T12063] inactive_file 0
[  376.434552][T12063] active_file 0
[  376.434552][T12063] unevictable 42082304
[  376.434552][T12063] slab_reclaimable 135168
[  376.434552][T12063] slab_unreclaimable 659456
[  376.434552][T12063] pgfault 41712
[  376.434552][T12063] pgmajfault 0
[  376.434552][T12063] workingset_refault 0
[  376.434552][T12063] workingset_activate 0
[  376.434552][T12063] workingset_nodereclaim 0
[  376.434552][T12063] pgrefill 0
[  376.434552][T12063] pgscan 0
[  376.434552][T12063] pgsteal 0
[  376.434552][T12063] pgactivate 0
[  376.555967][T12063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12046,uid=0
[  376.590398][T12063] Memory cgroup out of memory: Killed process 12046 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  376.837482][T12063] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  376.848081][T12063] CPU: 1 PID: 12063 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  376.856758][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  376.867099][T12063] Call Trace:
[  376.870431][T12063]  dump_stack+0x11d/0x181
[  376.874876][T12063]  dump_header+0xaa/0x39c
[  376.879257][T12063]  oom_kill_process.cold+0x10/0x15
[  376.884365][T12063]  out_of_memory+0x231/0xa60
[  376.889117][T12063]  mem_cgroup_out_of_memory+0x128/0x150
[  376.894848][T12063]  try_charge+0xb6c/0xbf0
[  376.899208][T12063]  mem_cgroup_try_charge+0xd2/0x260
[  376.904418][T12063]  mem_cgroup_try_charge_delay+0x3a/0x80
[  376.910073][T12063]  __handle_mm_fault+0x197f/0x2e00
[  376.915365][T12063]  handle_mm_fault+0x21b/0x530
[  376.920308][T12063]  __get_user_pages+0x485/0x1130
[  376.925254][T12063]  populate_vma_page_range+0xe6/0x100
[  376.930729][T12063]  __mm_populate+0x168/0x2a0
[  376.935344][T12063]  __x64_sys_mremap+0x5df/0x750
[  376.940204][T12063]  do_syscall_64+0xcc/0x3a0
[  376.944784][T12063]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  376.950778][T12063] RIP: 0033:0x45c449
[  376.954661][T12063] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  376.975395][T12063] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  376.983971][T12063] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  376.992076][T12063] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  377.000040][T12063] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  377.008027][T12063] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  377.016549][T12063] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  377.025118][T12063] memory: usage 307200kB, limit 307200kB, failcnt 613
[  377.032478][T12063] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  377.039806][T12063] Memory cgroup stats for /syz4:
[  377.039987][T12063] anon 310321152
[  377.039987][T12063] file 114688
[  377.039987][T12063] kernel_stack 368640
[  377.039987][T12063] slab 794624
[  377.039987][T12063] sock 0
[  377.039987][T12063] shmem 0
[  377.039987][T12063] file_mapped 0
[  377.039987][T12063] file_dirty 0
[  377.039987][T12063] file_writeback 0
[  377.039987][T12063] anon_thp 272629760
[  377.039987][T12063] inactive_anon 255352832
[  377.039987][T12063] active_anon 6971392
[  377.039987][T12063] inactive_file 0
[  377.039987][T12063] active_file 0
[  377.039987][T12063] unevictable 48050176
[  377.039987][T12063] slab_reclaimable 135168
[  377.039987][T12063] slab_unreclaimable 659456
[  377.039987][T12063] pgfault 43164
[  377.039987][T12063] pgmajfault 0
[  377.039987][T12063] workingset_refault 0
[  377.039987][T12063] workingset_activate 0
[  377.039987][T12063] workingset_nodereclaim 0
[  377.039987][T12063] pgrefill 0
[  377.039987][T12063] pgscan 0
[  377.039987][T12063] pgsteal 0
[  377.039987][T12063] pgactivate 0
[  377.141609][T12063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12059,uid=0
[  377.157268][T12063] Memory cgroup out of memory: Killed process 12059 (syz-executor.4) total-vm:74828kB, anon-rss:12952kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  377.175205][  T696] oom_reaper: reaped process 12059 (syz-executor.4), now anon-rss:12964kB, file-rss:56420kB, shmem-rss:0kB
09:23:29 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:29 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:29 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:29 executing program 3:

09:23:29 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:29 executing program 3:

09:23:29 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x48}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)=@in={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080), 0xc, 0x0}, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0xffffffe9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  377.540482][   T27] audit: type=1804 audit(1582277009.644:205): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/116/file0/bus" dev="sda1" ino=16520 res=1
[  377.620610][T12100] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  377.632448][   T27] audit: type=1804 audit(1582277009.674:206): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/116/file0/bus" dev="sda1" ino=16520 res=1
09:23:29 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  377.711796][T12100] CPU: 0 PID: 12100 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  377.720694][T12100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.730891][T12100] Call Trace:
[  377.734279][T12100]  dump_stack+0x11d/0x181
[  377.738641][T12100]  dump_header+0xaa/0x39c
[  377.742994][T12100]  oom_kill_process.cold+0x10/0x15
[  377.748318][T12100]  out_of_memory+0x231/0xa60
[  377.752941][T12100]  mem_cgroup_out_of_memory+0x128/0x150
[  377.758803][T12100]  try_charge+0xb6c/0xbf0
[  377.763250][T12100]  mem_cgroup_try_charge+0xd2/0x260
[  377.768521][T12100]  mem_cgroup_try_charge_delay+0x3a/0x80
[  377.774189][T12100]  __handle_mm_fault+0x197f/0x2e00
[  377.779409][T12100]  handle_mm_fault+0x21b/0x530
[  377.784199][T12100]  __get_user_pages+0x485/0x1130
[  377.789175][T12100]  populate_vma_page_range+0xe6/0x100
[  377.794572][T12100]  __mm_populate+0x168/0x2a0
[  377.799179][T12100]  __x64_sys_mlockall+0x2e3/0x320
[  377.804228][T12100]  do_syscall_64+0xcc/0x3a0
[  377.808798][T12100]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  377.814738][T12100] RIP: 0033:0x45c449
[  377.818648][T12100] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  377.839562][T12100] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  377.848642][T12100] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
09:23:29 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  377.856623][T12100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  377.864639][T12100] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  377.872625][T12100] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  377.880611][T12100] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  377.898167][T12100] memory: usage 307200kB, limit 307200kB, failcnt 662
[  377.905903][T12100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
09:23:30 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  377.913531][T12100] Memory cgroup stats for /syz4:
[  377.932992][T12100] anon 310345728
[  377.932992][T12100] file 114688
[  377.932992][T12100] kernel_stack 368640
[  377.932992][T12100] slab 794624
[  377.932992][T12100] sock 0
[  377.932992][T12100] shmem 0
[  377.932992][T12100] file_mapped 0
[  377.932992][T12100] file_dirty 0
[  377.932992][T12100] file_writeback 0
[  377.932992][T12100] anon_thp 274726912
[  377.932992][T12100] inactive_anon 261386240
[  377.932992][T12100] active_anon 6971392
[  377.932992][T12100] inactive_file 0
[  377.932992][T12100] active_file 0
[  377.932992][T12100] unevictable 42127360
[  377.932992][T12100] slab_reclaimable 135168
[  377.932992][T12100] slab_unreclaimable 659456
[  377.932992][T12100] pgfault 43824
[  377.932992][T12100] pgmajfault 0
[  377.932992][T12100] workingset_refault 0
[  377.932992][T12100] workingset_activate 0
[  377.932992][T12100] workingset_nodereclaim 0
[  377.932992][T12100] pgrefill 0
[  377.932992][T12100] pgscan 0
[  377.932992][T12100] pgsteal 0
[  377.932992][T12100] pgactivate 0
09:23:30 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  378.052957][T12100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12092,uid=0
[  378.068544][T12100] Memory cgroup out of memory: Killed process 12092 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  378.110919][  T696] oom_reaper: reaped process 12092 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB
[  378.589976][T12100] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  378.600335][T12100] CPU: 1 PID: 12100 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  378.609044][T12100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  378.620063][T12100] Call Trace:
[  378.623420][T12100]  dump_stack+0x11d/0x181
[  378.627861][T12100]  dump_header+0xaa/0x39c
[  378.632464][T12100]  oom_kill_process.cold+0x10/0x15
[  378.637582][T12100]  out_of_memory+0x231/0xa60
[  378.642284][T12100]  mem_cgroup_out_of_memory+0x128/0x150
[  378.647836][T12100]  try_charge+0xb6c/0xbf0
[  378.652397][T12100]  mem_cgroup_try_charge+0xd2/0x260
[  378.657701][T12100]  mem_cgroup_try_charge_delay+0x3a/0x80
[  378.663468][T12100]  __handle_mm_fault+0x197f/0x2e00
[  378.668588][T12100]  handle_mm_fault+0x21b/0x530
[  378.673567][T12100]  __get_user_pages+0x485/0x1130
[  378.678691][T12100]  populate_vma_page_range+0xe6/0x100
[  378.684072][T12100]  __mm_populate+0x168/0x2a0
[  378.688656][T12100]  __x64_sys_mremap+0x5df/0x750
[  378.693556][T12100]  do_syscall_64+0xcc/0x3a0
[  378.698238][T12100]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  378.704118][T12100] RIP: 0033:0x45c449
[  378.708080][T12100] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  378.727677][T12100] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  378.736249][T12100] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  378.744251][T12100] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  378.752537][T12100] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  378.761024][T12100] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  378.769335][T12100] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  378.777940][T12100] memory: usage 307200kB, limit 307200kB, failcnt 707
[  378.784698][T12100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  378.791695][T12100] Memory cgroup stats for /syz4:
[  378.791873][T12100] anon 310292480
[  378.791873][T12100] file 114688
[  378.791873][T12100] kernel_stack 331776
[  378.791873][T12100] slab 794624
[  378.791873][T12100] sock 0
[  378.791873][T12100] shmem 0
[  378.791873][T12100] file_mapped 0
[  378.791873][T12100] file_dirty 0
[  378.791873][T12100] file_writeback 0
[  378.791873][T12100] anon_thp 272629760
[  378.791873][T12100] inactive_anon 255430656
[  378.791873][T12100] active_anon 6971392
[  378.791873][T12100] inactive_file 0
[  378.791873][T12100] active_file 0
[  378.791873][T12100] unevictable 48050176
[  378.791873][T12100] slab_reclaimable 135168
[  378.791873][T12100] slab_unreclaimable 659456
[  378.791873][T12100] pgfault 45309
[  378.791873][T12100] pgmajfault 0
[  378.791873][T12100] workingset_refault 0
[  378.791873][T12100] workingset_activate 0
[  378.791873][T12100] workingset_nodereclaim 0
[  378.791873][T12100] pgrefill 0
[  378.791873][T12100] pgscan 0
[  378.791873][T12100] pgsteal 0
[  378.791873][T12100] pgactivate 0
[  378.888979][T12100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12098,uid=0
[  378.905528][T12100] Memory cgroup out of memory: Killed process 12100 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  378.923717][  T696] oom_reaper: reaped process 12100 (syz-executor.4), now anon-rss:13068kB, file-rss:56420kB, shmem-rss:0kB
09:23:31 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:31 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:31 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000140)={0x4, 0x8, 0xfa00, {r2}}, 0x10)

09:23:31 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:31 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:31 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:31 executing program 3:
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f00000006c0)=0x2000000000000001, 0x4)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='veth1_to_team\x00', 0x10)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000140)=0x140000916, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f0000000200)=0x7fff, 0x4)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000001280)="8cf8454bc55d37f38007350757404a406e0e63c0d9176ef6a0d6f45d9e9f972f823ab0f94ce9607aa28715542fe852b454a1a5da5d5968ad4265a6e5eac2dccca677e3d63a991502021ff2aea5180b990e13e8c9cc10ceb88f317967838ee1d67f072c1c81a7c29d3332574146b7e2447c06c45bbc479884562d32f377f00205c5141b35fafe3abcffe9d948a5287ae3a39b1f0cafad4b9420d89c8d4a1510a0b858e31801fe3550477cbab283cb268ecdfaee0579ea2693e6864364887549111fc4c2da971c6e871d364e33161b41c03cb72af0469981a80d2de910e8e22447c214afe5382fd8fb83c4ddd19fbc391c9104138efff442449a2a213bc131dc40bf612c9763cc181b940438c6f8bcf2c16d066f55bee0d3ad993097b8c9e7086c7cc12e65e080dc6128eb08efe42888fefb1eec6d608916af22003b2b3adbba0fcdfdffc83b1bf87d5a4ce5e89c861459ac5e28fb728ebc26482810d1beffbad06253b07d766210b2a00b4f5dbd51fef55aa7a86ca0a1ad99d83958712b489de7ffc3139072062c73009986ec250b85634b912407fd3074a22a4a9d459a84a40888f509c040424d64a4cc9b5701bb69de4d84b26802b779d1d7193f5121b3eed97166d0fcae78ea68d9c3333466e43d1a92f39389677bc3ca847e514a4eebd2f0369a5557a54c11174e5375a3600e43fee08705896580f6c9a69265a3c37e868e94fd3f92a13e1d6604d500bd7b01ab4dc70c25a791f943edb2afc022e054720c316d6fe63c88e45afb56387af66708bc1f9fba7bdb174e22df35d205313596c7ccd9b2c6013af8c8699f806cc3c4264d42bf4294fa30207013edc606bdde1da052f1aaee58a9823d2d7e2f6811093f29dec6138995e559b1889569eefc558180300aa0f455011c5020ed8d885a7dfdf288a59d71e9dab46fd9a77f71ae02d72cdb2f675ea0133277c11df9425ea51db31b70bed5d00ffbdd951d341fe6e292e8e579a13310c455ad032f5b850903f86ae036c28d4447fd41960bb7ab2469ea022eae298d88a138c3b35ec7f673c8cf768c56a60405f1e032f0eae1bfb870affb57c3a006879bd03d456044e86ee90d53898202b97cc8d204ec473a8933c412cb1189e6bcc30080602300e2d63e2114aec45b5db680be30f187e466205d1aaecbd1cf84f3aab312d2e6bc0671c26b5228cbe067b2ba447e93f28adb419d9f04e5ae6e57a560124cb5754cbca3c3b0a08aa6c14769cf2b571b6ec437f8501a76bcea0c2bf40a7147829d91854e1784547c9e1d77017e6bb13e505c18c763148dcaef876ed98ce2580fbbbe8f1bf7c25c848b042ad9ed5d397b9fd2efb84219767f06cbed3538e1c19be8e57af271e4d8ec908de642d5be5d2de75ca086cea6eaf82df4c6349471bbfddb1cf7dcb6aacd369453b527befd43630e51a4617a18d0576b9516e647525584ff8b42e27b224efc80092ca2be016ca85785b2659b5cc37eba5a7fb1326731abc7207ca16e70dfa5bfa5134d3887ca05df754b31c211124b4819b2030292d57e45fc87c62fa0198f52d658ea73a07cb8644b5fc9f049f9e6250a7209f0d8aa8268f247574349eccbf1d416e99fa3fffe65356f9cf835bcd1f816a883f2b3855272a63f2d6058d7955ba587060b589426b76f96b683ad4c205651e3793b76341aded1c9db8c8a62cf8a321b680aad536bfc81c54cfa1463ae7535f282836f9a67facf3a01c1814254451a55821a91934a3052d47747f26508f630823b43f10f7e1b74e4fb03cb98739dcb65af0f48e094a45a8ea6df8dd7a865fbb2563bf07405810893020798cbecc82a6be7f5422feba133ab28c40d0b3476213d3d6714af6fd7b20abb6894c6a4b47ce7c4f92fa8c8b77ecba00a58730d53e8339cef714a7e63a66cbef991879ea2ef1eb7f4e3c4c56926bc4037de9c7153f3dde08543dec219a934cdb3fd9d826928c4ef8476f2826844220849513ed2c3dc97caa37c7b4314b56004d3e7dca17a1c5614fe55d891d9e9200423ff480caebe0de4802d55cc284123a50d37d8c69c480e24a9", 0x5b5}], 0x1, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0xf087}, 0x14)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

09:23:31 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  379.374928][T12274] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  379.431533][T12274] CPU: 0 PID: 12274 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  379.440941][T12274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  379.451008][T12274] Call Trace:
[  379.454425][T12274]  dump_stack+0x11d/0x181
[  379.458822][T12274]  dump_header+0xaa/0x39c
[  379.463178][T12274]  oom_kill_process.cold+0x10/0x15
[  379.468418][T12274]  out_of_memory+0x231/0xa60
[  379.473180][T12274]  mem_cgroup_out_of_memory+0x128/0x150
09:23:31 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r1 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  379.478782][T12274]  try_charge+0xb6c/0xbf0
[  379.483155][T12274]  mem_cgroup_try_charge+0xd2/0x260
[  379.488480][T12274]  mem_cgroup_try_charge_delay+0x3a/0x80
[  379.494142][T12274]  __handle_mm_fault+0x197f/0x2e00
[  379.499339][T12274]  handle_mm_fault+0x21b/0x530
[  379.504134][T12274]  __get_user_pages+0x485/0x1130
[  379.509133][T12274]  populate_vma_page_range+0xe6/0x100
[  379.514837][T12274]  __mm_populate+0x168/0x2a0
[  379.519600][T12274]  __x64_sys_mlockall+0x2e3/0x320
[  379.524649][T12274]  do_syscall_64+0xcc/0x3a0
[  379.529285][T12274]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  379.535352][T12274] RIP: 0033:0x45c449
[  379.539290][T12274] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  379.559037][T12274] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  379.567652][T12274] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
09:23:31 executing program 3:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1600bd61, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="08418330e91000105ab071")
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x8, 0x210000, 0x8}, 0x1c)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080), 0x10)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4)

[  379.575723][T12274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  379.583804][T12274] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  379.591820][T12274] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  379.599891][T12274] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  379.625008][T12274] memory: usage 307200kB, limit 307200kB, failcnt 763
[  379.640328][T12274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  379.641039][   T27] kauditd_printk_skb: 2 callbacks suppressed
[  379.641059][   T27] audit: type=1804 audit(1582277011.744:209): pid=12293 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/119/bus" dev="sda1" ino=16952 res=1
[  379.650334][T12274] Memory cgroup stats for /syz4:
[  379.650580][T12274] anon 310370304
[  379.650580][T12274] file 114688
[  379.650580][T12274] kernel_stack 331776
[  379.650580][T12274] slab 794624
[  379.650580][T12274] sock 0
[  379.650580][T12274] shmem 0
[  379.650580][T12274] file_mapped 0
[  379.650580][T12274] file_dirty 0
[  379.650580][T12274] file_writeback 0
[  379.650580][T12274] anon_thp 274726912
[  379.650580][T12274] inactive_anon 261472256
[  379.650580][T12274] active_anon 6836224
[  379.650580][T12274] inactive_file 0
[  379.650580][T12274] active_file 0
[  379.650580][T12274] unevictable 42303488
[  379.650580][T12274] slab_reclaimable 135168
[  379.650580][T12274] slab_unreclaimable 659456
[  379.650580][T12274] pgfault 45969
[  379.650580][T12274] pgmajfault 0
[  379.650580][T12274] workingset_refault 0
[  379.650580][T12274] workingset_activate 0
[  379.650580][T12274] workingset_nodereclaim 0
[  379.650580][T12274] pgrefill 0
[  379.650580][T12274] pgscan 0
[  379.650580][T12274] pgsteal 0
[  379.650580][T12274] pgactivate 0
[  379.705185][   T27] audit: type=1804 audit(1582277011.754:210): pid=12293 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/119/bus" dev="sda1" ino=16952 res=1
[  379.923293][T12274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12250,uid=0
[  379.939155][T12274] Memory cgroup out of memory: Killed process 12250 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  379.985797][  T696] oom_reaper: reaped process 12250 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  380.367083][T12274] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  380.377463][T12274] CPU: 1 PID: 12274 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  380.386538][T12274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.396599][T12274] Call Trace:
[  380.399950][T12274]  dump_stack+0x11d/0x181
[  380.404330][T12274]  dump_header+0xaa/0x39c
[  380.408685][T12274]  oom_kill_process.cold+0x10/0x15
[  380.413929][T12274]  out_of_memory+0x231/0xa60
[  380.418545][T12274]  mem_cgroup_out_of_memory+0x128/0x150
[  380.424234][T12274]  try_charge+0xb6c/0xbf0
[  380.428658][T12274]  mem_cgroup_try_charge+0xd2/0x260
[  380.433889][T12274]  mem_cgroup_try_charge_delay+0x3a/0x80
[  380.439548][T12274]  __handle_mm_fault+0x197f/0x2e00
[  380.444713][T12274]  handle_mm_fault+0x21b/0x530
[  380.449617][T12274]  __get_user_pages+0x485/0x1130
[  380.454661][T12274]  ? __tsan_unaligned_write8+0x37/0x110
[  380.460332][T12274]  populate_vma_page_range+0xe6/0x100
[  380.465717][T12274]  __mm_populate+0x168/0x2a0
[  380.470329][T12274]  __x64_sys_mremap+0x5df/0x750
[  380.475213][T12274]  do_syscall_64+0xcc/0x3a0
[  380.479730][T12274]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  380.485731][T12274] RIP: 0033:0x45c449
[  380.489729][T12274] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  380.509463][T12274] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  380.517976][T12274] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  380.526013][T12274] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  380.533982][T12274] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  380.541944][T12274] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  380.549941][T12274] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  380.559277][T12274] memory: usage 307200kB, limit 307200kB, failcnt 801
[  380.566063][T12274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  380.572961][T12274] Memory cgroup stats for /syz4:
[  380.573085][T12274] anon 310292480
[  380.573085][T12274] file 114688
[  380.573085][T12274] kernel_stack 331776
[  380.573085][T12274] slab 794624
[  380.573085][T12274] sock 0
[  380.573085][T12274] shmem 0
[  380.573085][T12274] file_mapped 0
[  380.573085][T12274] file_dirty 0
[  380.573085][T12274] file_writeback 0
[  380.573085][T12274] anon_thp 272629760
[  380.573085][T12274] inactive_anon 255369216
[  380.573085][T12274] active_anon 6836224
[  380.573085][T12274] inactive_file 0
[  380.573085][T12274] active_file 0
[  380.573085][T12274] unevictable 48050176
[  380.573085][T12274] slab_reclaimable 135168
[  380.573085][T12274] slab_unreclaimable 659456
[  380.573085][T12274] pgfault 47421
[  380.573085][T12274] pgmajfault 0
[  380.573085][T12274] workingset_refault 0
[  380.573085][T12274] workingset_activate 0
[  380.573085][T12274] workingset_nodereclaim 0
[  380.573085][T12274] pgrefill 0
[  380.573085][T12274] pgscan 0
[  380.573085][T12274] pgsteal 0
[  380.573085][T12274] pgactivate 0
[  380.670242][T12274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12268,uid=0
[  380.685841][T12274] Memory cgroup out of memory: Killed process 12274 (syz-executor.4) total-vm:74828kB, anon-rss:12972kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:188kB oom_score_adj:1000
[  380.705119][  T696] oom_reaper: reaped process 12274 (syz-executor.4), now anon-rss:13064kB, file-rss:56420kB, shmem-rss:0kB
09:23:32 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:32 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:32 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:32 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:32 executing program 3:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1600bd61, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="08418330e91000105ab071")
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x8, 0x210000, 0x8}, 0x1c)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080), 0x10)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4)

09:23:33 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  380.990848][   T27] audit: type=1804 audit(1582277013.094:211): pid=12313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/120/bus" dev="sda1" ino=16972 res=1
[  381.069155][   T27] audit: type=1804 audit(1582277013.134:212): pid=12313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/120/bus" dev="sda1" ino=16972 res=1
[  381.113491][T12325] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  381.139448][T12325] CPU: 0 PID: 12325 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  381.148369][T12325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.158427][T12325] Call Trace:
[  381.161803][T12325]  dump_stack+0x11d/0x181
[  381.166324][T12325]  dump_header+0xaa/0x39c
[  381.170678][T12325]  oom_kill_process.cold+0x10/0x15
[  381.175882][T12325]  out_of_memory+0x231/0xa60
[  381.180495][T12325]  mem_cgroup_out_of_memory+0x128/0x150
[  381.186056][T12325]  try_charge+0xb6c/0xbf0
[  381.190421][T12325]  mem_cgroup_try_charge+0xd2/0x260
[  381.195740][T12325]  mem_cgroup_try_charge_delay+0x3a/0x80
[  381.201394][T12325]  __handle_mm_fault+0x197f/0x2e00
[  381.206570][T12325]  handle_mm_fault+0x21b/0x530
09:23:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:33 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  381.211373][T12325]  __get_user_pages+0x485/0x1130
[  381.216342][T12325]  populate_vma_page_range+0xe6/0x100
[  381.221741][T12325]  __mm_populate+0x168/0x2a0
[  381.226354][T12325]  __x64_sys_mlockall+0x2e3/0x320
[  381.231398][T12325]  do_syscall_64+0xcc/0x3a0
[  381.235915][T12325]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  381.241803][T12325] RIP: 0033:0x45c449
[  381.245727][T12325] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  381.265343][T12325] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  381.273896][T12325] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  381.281870][T12325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  381.289845][T12325] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  381.297946][T12340] FAT-fs (loop2): bogus number of reserved sectors
[  381.298275][T12325] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  381.307592][T12340] FAT-fs (loop2): Can't find a valid FAT filesystem
[  381.312744][T12325] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  381.345484][T12325] memory: usage 307196kB, limit 307200kB, failcnt 822
[  381.353003][T12325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  381.369929][T12325] Memory cgroup stats for /syz4:
[  381.370164][T12325] anon 310427648
[  381.370164][T12325] file 114688
[  381.370164][T12325] kernel_stack 294912
[  381.370164][T12325] slab 794624
[  381.370164][T12325] sock 0
[  381.370164][T12325] shmem 0
[  381.370164][T12325] file_mapped 0
[  381.370164][T12325] file_dirty 0
[  381.370164][T12325] file_writeback 0
[  381.370164][T12325] anon_thp 274726912
[  381.370164][T12325] inactive_anon 261406720
[  381.370164][T12325] active_anon 6836224
[  381.370164][T12325] inactive_file 0
[  381.370164][T12325] active_file 0
[  381.370164][T12325] unevictable 42303488
[  381.370164][T12325] slab_reclaimable 135168
[  381.370164][T12325] slab_unreclaimable 659456
[  381.370164][T12325] pgfault 48081
[  381.370164][T12325] pgmajfault 0
[  381.370164][T12325] workingset_refault 0
[  381.370164][T12325] workingset_activate 0
[  381.370164][T12325] workingset_nodereclaim 0
[  381.370164][T12325] pgrefill 0
[  381.370164][T12325] pgscan 0
[  381.370164][T12325] pgsteal 0
[  381.370164][T12325] pgactivate 0
[  381.414652][   T27] audit: type=1804 audit(1582277013.474:213): pid=12345 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/121/file0/bus" dev="sda1" ino=16973 res=1
[  381.467781][T12325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12307,uid=0
[  381.507775][T12325] Memory cgroup out of memory: Killed process 12307 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  381.534093][  T696] oom_reaper: reaped process 12307 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
09:23:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:33 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:33 executing program 3:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1600bd61, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="08418330e91000105ab071")
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x8, 0x210000, 0x8}, 0x1c)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080), 0x10)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4)

[  381.719313][   T27] audit: type=1804 audit(1582277013.664:214): pid=12346 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/121/file0/bus" dev="sda1" ino=16973 res=1
[  381.860389][T12353] FAT-fs (loop2): bogus number of reserved sectors
[  381.877835][T12353] FAT-fs (loop2): Can't find a valid FAT filesystem
[  381.974270][   T27] audit: type=1804 audit(1582277014.074:215): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/122/file0/bus" dev="sda1" ino=16974 res=1
[  382.010761][   T27] audit: type=1804 audit(1582277014.074:216): pid=12353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/122/file0/bus" dev="sda1" ino=16974 res=1
[  382.315055][T12325] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  382.325402][T12325] CPU: 1 PID: 12325 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  382.334070][T12325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.344230][T12325] Call Trace:
[  382.347560][T12325]  dump_stack+0x11d/0x181
[  382.351909][T12325]  dump_header+0xaa/0x39c
[  382.356239][T12325]  oom_kill_process.cold+0x10/0x15
[  382.361376][T12325]  out_of_memory+0x231/0xa60
[  382.365982][T12325]  mem_cgroup_out_of_memory+0x128/0x150
[  382.371534][T12325]  try_charge+0xb6c/0xbf0
[  382.376074][T12325]  mem_cgroup_try_charge+0xd2/0x260
[  382.381444][T12325]  mem_cgroup_try_charge_delay+0x3a/0x80
[  382.387069][T12325]  __handle_mm_fault+0x197f/0x2e00
[  382.392367][T12325]  handle_mm_fault+0x21b/0x530
[  382.397136][T12325]  __get_user_pages+0x485/0x1130
[  382.402121][T12325]  populate_vma_page_range+0xe6/0x100
[  382.407495][T12325]  __mm_populate+0x168/0x2a0
[  382.412171][T12325]  __x64_sys_mremap+0x5df/0x750
[  382.417134][T12325]  do_syscall_64+0xcc/0x3a0
[  382.421737][T12325]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  382.427689][T12325] RIP: 0033:0x45c449
[  382.431587][T12325] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  382.451196][T12325] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  382.459661][T12325] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  382.467624][T12325] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  382.475774][T12325] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  382.483909][T12325] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  382.491872][T12325] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  382.500708][T12325] memory: usage 307152kB, limit 307200kB, failcnt 857
[  382.507477][T12325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  382.514462][T12325] Memory cgroup stats for /syz4:
[  382.514663][T12325] anon 310300672
[  382.514663][T12325] file 114688
[  382.514663][T12325] kernel_stack 294912
[  382.514663][T12325] slab 794624
[  382.514663][T12325] sock 0
[  382.514663][T12325] shmem 0
[  382.514663][T12325] file_mapped 0
[  382.514663][T12325] file_dirty 0
[  382.514663][T12325] file_writeback 0
[  382.514663][T12325] anon_thp 272629760
[  382.514663][T12325] inactive_anon 255287296
[  382.514663][T12325] active_anon 6836224
[  382.514663][T12325] inactive_file 0
[  382.514663][T12325] active_file 0
[  382.514663][T12325] unevictable 48123904
[  382.514663][T12325] slab_reclaimable 135168
[  382.514663][T12325] slab_unreclaimable 659456
[  382.514663][T12325] pgfault 49566
[  382.514663][T12325] pgmajfault 0
[  382.514663][T12325] workingset_refault 0
[  382.514663][T12325] workingset_activate 0
[  382.514663][T12325] workingset_nodereclaim 0
[  382.514663][T12325] pgrefill 0
[  382.514663][T12325] pgscan 0
[  382.514663][T12325] pgsteal 0
[  382.514663][T12325] pgactivate 0
[  382.611429][T12325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12324,uid=0
[  382.626970][T12325] Memory cgroup out of memory: Killed process 12325 (syz-executor.4) total-vm:74960kB, anon-rss:12980kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  382.645096][  T696] oom_reaper: reaped process 12325 (syz-executor.4), now anon-rss:13024kB, file-rss:56420kB, shmem-rss:0kB
09:23:34 executing program 4:
mlockall(0x1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:34 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:34 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:34 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="08418330e91000105ab071")
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x3e}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

[  382.857819][T12374] FAT-fs (loop2): bogus number of reserved sectors
[  382.880771][T12374] FAT-fs (loop2): Can't find a valid FAT filesystem
[  382.930440][T12379] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  382.941234][T12379] CPU: 1 PID: 12379 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  382.950330][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.960995][T12379] Call Trace:
[  382.964290][T12379]  dump_stack+0x11d/0x181
[  382.968755][T12379]  dump_header+0xaa/0x39c
[  382.973108][T12379]  oom_kill_process.cold+0x10/0x15
[  382.978225][T12379]  out_of_memory+0x231/0xa60
[  382.982882][T12379]  mem_cgroup_out_of_memory+0x128/0x150
[  382.988451][T12379]  try_charge+0xb6c/0xbf0
[  382.992883][T12379]  mem_cgroup_try_charge+0xd2/0x260
[  382.998103][T12379]  mem_cgroup_try_charge_delay+0x3a/0x80
[  383.003749][T12379]  __handle_mm_fault+0x197f/0x2e00
[  383.008952][T12379]  handle_mm_fault+0x21b/0x530
[  383.013730][T12379]  __get_user_pages+0x485/0x1130
[  383.018686][T12379]  populate_vma_page_range+0xe6/0x100
[  383.024060][T12379]  __mm_populate+0x168/0x2a0
[  383.028701][T12379]  __x64_sys_mlockall+0x2e3/0x320
[  383.033735][T12379]  do_syscall_64+0xcc/0x3a0
[  383.038297][T12379]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  383.044184][T12379] RIP: 0033:0x45c449
[  383.048083][T12379] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  383.068160][T12379] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  383.076595][T12379] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  383.084563][T12379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  383.092670][T12379] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  383.100751][T12379] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  383.108772][T12379] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
09:23:35 executing program 3:
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c)

[  383.124510][   T27] audit: type=1804 audit(1582277015.224:217): pid=12388 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/123/file0/bus" dev="sda1" ino=16981 res=1
[  383.161530][T12379] memory: usage 307200kB, limit 307200kB, failcnt 876
[  383.167811][   T27] audit: type=1804 audit(1582277015.264:218): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/123/file0/bus" dev="sda1" ino=16981 res=1
[  383.203551][T12379] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  383.227269][T12379] Memory cgroup stats for /syz4:
[  383.228298][T12379] anon 310370304
[  383.228298][T12379] file 114688
[  383.228298][T12379] kernel_stack 331776
[  383.228298][T12379] slab 794624
[  383.228298][T12379] sock 0
[  383.228298][T12379] shmem 0
[  383.228298][T12379] file_mapped 0
[  383.228298][T12379] file_dirty 0
[  383.228298][T12379] file_writeback 0
[  383.228298][T12379] anon_thp 274726912
[  383.228298][T12379] inactive_anon 261304320
[  383.228298][T12379] active_anon 6836224
[  383.228298][T12379] inactive_file 0
[  383.228298][T12379] active_file 0
[  383.228298][T12379] unevictable 42172416
[  383.228298][T12379] slab_reclaimable 135168
[  383.228298][T12379] slab_unreclaimable 659456
[  383.228298][T12379] pgfault 50226
[  383.228298][T12379] pgmajfault 0
[  383.228298][T12379] workingset_refault 0
[  383.228298][T12379] workingset_activate 0
[  383.228298][T12379] workingset_nodereclaim 0
[  383.228298][T12379] pgrefill 0
[  383.228298][T12379] pgscan 0
[  383.228298][T12379] pgsteal 0
[  383.228298][T12379] pgactivate 0
09:23:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x48}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)=@in={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0}, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0xffffffe9, 0x2, 0x0, 0x0, 0x6, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  383.342655][T12379] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12360,uid=0
[  383.359373][T12379] Memory cgroup out of memory: Killed process 12360 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:35 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  383.573942][T12399] FAT-fs (loop2): bogus number of reserved sectors
[  383.683832][T12399] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:35 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:35 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:36 executing program 3:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x1})
write$uinput_user_dev(r0, &(0x7f0000000ac0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0xc761]}, 0x45c)

09:23:36 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:36 executing program 4:
mlockall(0x1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:36 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:36 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1039}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4)
bind$bt_rfcomm(0xffffffffffffffff, &(0x7f00000003c0)={0x1f, @fixed={[], 0x11}}, 0xa)
sendto$inet(r0, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b)

[  384.277915][T12484] FAT-fs (loop2): bogus number of reserved sectors
[  384.324589][T12484] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:36 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:36 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  384.730041][T12702] FAT-fs (loop2): bogus number of reserved sectors
[  384.743381][T12702] FAT-fs (loop2): Can't find a valid FAT filesystem
[  384.843094][   T27] kauditd_printk_skb: 4 callbacks suppressed
[  384.843115][   T27] audit: type=1804 audit(1582277016.944:223): pid=12702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/126/file0/bus" dev="sda1" ino=16980 res=1
09:23:37 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:37 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:37 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  385.046178][   T27] audit: type=1804 audit(1582277016.954:224): pid=12702 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/126/file0/bus" dev="sda1" ino=16980 res=1
09:23:37 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1039}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4)
bind$bt_rfcomm(0xffffffffffffffff, &(0x7f00000003c0)={0x1f, @fixed={[], 0x11}}, 0xa)
sendto$inet(r0, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b)

[  385.179176][T12716] FAT-fs (loop2): bogus number of reserved sectors
[  385.190199][T12716] FAT-fs (loop2): Can't find a valid FAT filesystem
[  385.297010][   T27] audit: type=1804 audit(1582277017.394:225): pid=12724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/127/file0/bus" dev="sda1" ino=16897 res=1
[  385.372268][   T27] audit: type=1804 audit(1582277017.424:226): pid=12724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/127/file0/bus" dev="sda1" ino=16897 res=1
09:23:37 executing program 4:
mlockall(0x1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:37 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  385.725769][T12737] FAT-fs (loop2): bogus number of reserved sectors
[  385.737847][T12737] FAT-fs (loop2): Can't find a valid FAT filesystem
[  385.844620][   T27] audit: type=1804 audit(1582277017.944:227): pid=12742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/128/file0/bus" dev="sda1" ino=16979 res=1
[  385.962254][   T27] audit: type=1804 audit(1582277017.944:228): pid=12742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/128/file0/bus" dev="sda1" ino=16979 res=1
09:23:38 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:38 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:38 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000140), 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:38 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, 0xb, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0)

[  386.264459][T12756] FAT-fs (loop2): bogus number of reserved sectors
[  386.279097][T12756] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:38 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  386.426803][   T27] audit: type=1804 audit(1582277018.524:229): pid=12756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/129/file0/bus" dev="sda1" ino=16954 res=1
09:23:38 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:38 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x0, 0x0, 0x0)
r1 = socket(0x0, 0x800000003, 0x0)
getsockname$packet(r1, 0x0, &(0x7f0000000280))
bind$packet(0xffffffffffffffff, 0x0, 0x0)

09:23:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  386.544880][   T27] audit: type=1804 audit(1582277018.534:230): pid=12756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/129/file0/bus" dev="sda1" ino=16954 res=1
[  386.762870][T12923] FAT-fs (loop2): bogus number of reserved sectors
[  386.783965][T12923] FAT-fs (loop2): Can't find a valid FAT filesystem
[  386.852423][   T27] audit: type=1804 audit(1582277018.954:231): pid=12982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/130/file0/bus" dev="sda1" ino=16979 res=1
[  386.925314][   T27] audit: type=1804 audit(1582277018.984:232): pid=12982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/130/file0/bus" dev="sda1" ino=16979 res=1
09:23:39 executing program 4:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:39 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:39 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:39 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  387.110589][T12988] FAT-fs (loop2): bogus number of reserved sectors
[  387.129782][T12988] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:39 executing program 4:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:39 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:39 executing program 4:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:39 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$batadv(0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x0, 0x0, 0x0)
r1 = socket(0x0, 0x800000003, 0x0)
getsockname$packet(r1, 0x0, &(0x7f0000000280))
bind$packet(0xffffffffffffffff, 0x0, 0x0)

[  387.544734][T13019] FAT-fs (loop2): bogus number of reserved sectors
[  387.551455][T13019] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:39 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:39 executing program 4:
mlockall(0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

[  387.884601][T13038] FAT-fs (loop2): bogus number of reserved sectors
[  387.891450][T13038] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:40 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:40 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$setpipe(r6, 0x407, 0x0)
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:40 executing program 4:
mlockall(0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:40 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  388.291223][T13161] FAT-fs (loop2): bogus number of reserved sectors
[  388.325560][T13161] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:40 executing program 4:
mlockall(0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:40 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:40 executing program 3:
r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0)
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x1000f3)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000001840)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f)

09:23:40 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

[  388.722561][T13183] FAT-fs (loop2): bogus number of reserved sectors
[  388.755512][T13183] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:41 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:41 executing program 3:
r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0)
r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x1000f3)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000001840)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f)

09:23:41 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
write(r5, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r6, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  389.071082][T13195] FAT-fs (loop2): bogus number of reserved sectors
[  389.160403][T13195] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:41 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:41 executing program 3:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0xc040000, &(0x7f0000000500)={&(0x7f0000000180)={0x1c, r0, 0x711, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)
socket(0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)

09:23:41 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  389.588024][T13217] FAT-fs (loop2): bogus number of reserved sectors
[  389.641785][T13217] FAT-fs (loop2): Can't find a valid FAT filesystem
[  389.690242][T13185] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  389.703687][T13185] CPU: 0 PID: 13185 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  389.712402][T13185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.722550][T13185] Call Trace:
[  389.725855][T13185]  dump_stack+0x11d/0x181
[  389.730214][T13185]  dump_header+0xaa/0x39c
[  389.734547][T13185]  oom_kill_process.cold+0x10/0x15
[  389.739791][T13185]  out_of_memory+0x231/0xa60
[  389.744438][T13185]  mem_cgroup_out_of_memory+0x128/0x150
[  389.749987][T13185]  try_charge+0xb6c/0xbf0
[  389.754319][T13185]  mem_cgroup_try_charge+0xd2/0x260
[  389.759626][T13185]  mem_cgroup_try_charge_delay+0x3a/0x80
[  389.765408][T13185]  __handle_mm_fault+0x197f/0x2e00
[  389.770646][T13185]  handle_mm_fault+0x21b/0x530
[  389.775420][T13185]  __get_user_pages+0x485/0x1130
[  389.780408][T13185]  populate_vma_page_range+0xe6/0x100
[  389.785855][T13185]  __mm_populate+0x168/0x2a0
[  389.790433][T13185]  __x64_sys_mremap+0x5df/0x750
[  389.795276][T13185]  do_syscall_64+0xcc/0x3a0
[  389.799769][T13185]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  389.805744][T13185] RIP: 0033:0x45c449
[  389.809635][T13185] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  389.829365][T13185] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  389.837779][T13185] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  389.846447][T13185] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  389.854423][T13185] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  389.862401][T13185] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  389.870364][T13185] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  389.880695][T13185] memory: usage 307200kB, limit 307200kB, failcnt 891
[  389.888019][T13185] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  389.895704][T13185] Memory cgroup stats for /syz4:
[  389.897419][T13185] anon 309362688
[  389.897419][T13185] file 114688
[  389.897419][T13185] kernel_stack 405504
[  389.897419][T13185] slab 794624
[  389.897419][T13185] sock 0
[  389.897419][T13185] shmem 0
[  389.897419][T13185] file_mapped 0
[  389.897419][T13185] file_dirty 0
[  389.897419][T13185] file_writeback 0
[  389.897419][T13185] anon_thp 274726912
[  389.897419][T13185] inactive_anon 255307776
[  389.897419][T13185] active_anon 7434240
[  389.897419][T13185] inactive_file 0
[  389.897419][T13185] active_file 0
[  389.897419][T13185] unevictable 46563328
[  389.897419][T13185] slab_reclaimable 135168
[  389.897419][T13185] slab_unreclaimable 659456
[  389.897419][T13185] pgfault 55704
[  389.897419][T13185] pgmajfault 0
[  389.897419][T13185] workingset_refault 0
[  389.897419][T13185] workingset_activate 0
[  389.897419][T13185] workingset_nodereclaim 0
[  389.897419][T13185] pgrefill 0
[  389.897419][T13185] pgscan 0
[  389.897419][T13185] pgsteal 0
09:23:42 executing program 3:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0xc040000, &(0x7f0000000500)={&(0x7f0000000180)={0x1c, r0, 0x711, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)
socket(0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)

[  389.897419][T13185] pgactivate 0
[  390.006624][T13185] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13180,uid=0
09:23:42 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  390.082107][T13185] Memory cgroup out of memory: Killed process 13180 (syz-executor.4) total-vm:74828kB, anon-rss:11368kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  390.149373][  T696] oom_reaper: reaped process 13180 (syz-executor.4), now anon-rss:11380kB, file-rss:56420kB, shmem-rss:0kB
[  390.307829][T13246] FAT-fs (loop2): bogus number of reserved sectors
[  390.323620][T13246] FAT-fs (loop2): Can't find a valid FAT filesystem
[  390.400762][   T27] kauditd_printk_skb: 14 callbacks suppressed
[  390.400796][   T27] audit: type=1804 audit(1582277022.504:247): pid=13246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/138/file0/bus" dev="sda1" ino=16557 res=1
[  390.517914][   T27] audit: type=1804 audit(1582277022.534:248): pid=13246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/138/file0/bus" dev="sda1" ino=16557 res=1
09:23:43 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:43 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r6, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:43 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup3(r1, r0, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x2e, 0x0, &(0x7f0000000240))

09:23:43 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:43 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080), 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:43 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
shutdown(r0, 0x1)

[  391.163163][T13265] FAT-fs (loop2): invalid media value (0x00)
[  391.176020][T13265] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:43 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  391.303405][   T27] audit: type=1804 audit(1582277023.404:249): pid=13265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/139/file0/bus" dev="sda1" ino=16754 res=1
09:23:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  391.355823][T13270] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  391.381576][   T27] audit: type=1804 audit(1582277023.414:250): pid=13265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/139/file0/bus" dev="sda1" ino=16754 res=1
09:23:43 executing program 3:
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

09:23:43 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  391.406542][T13270] CPU: 0 PID: 13270 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  391.415226][T13270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  391.425282][T13270] Call Trace:
[  391.428593][T13270]  dump_stack+0x11d/0x181
[  391.433063][T13270]  dump_header+0xaa/0x39c
[  391.437417][T13270]  oom_kill_process.cold+0x10/0x15
[  391.442584][T13270]  out_of_memory+0x231/0xa60
[  391.447315][T13270]  mem_cgroup_out_of_memory+0x128/0x150
[  391.452881][T13270]  try_charge+0xb6c/0xbf0
[  391.457244][T13270]  mem_cgroup_try_charge+0xd2/0x260
[  391.462463][T13270]  mem_cgroup_try_charge_delay+0x3a/0x80
[  391.468196][T13270]  __handle_mm_fault+0x197f/0x2e00
[  391.473345][T13270]  handle_mm_fault+0x21b/0x530
[  391.478204][T13270]  __get_user_pages+0x485/0x1130
[  391.483182][T13270]  populate_vma_page_range+0xe6/0x100
[  391.488601][T13270]  __mm_populate+0x168/0x2a0
[  391.493208][T13270]  __x64_sys_mlockall+0x2e3/0x320
[  391.498255][T13270]  do_syscall_64+0xcc/0x3a0
[  391.502773][T13270]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  391.508669][T13270] RIP: 0033:0x45c449
[  391.512573][T13270] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  391.522655][T13281] FAT-fs (loop2): invalid media value (0x00)
[  391.532497][T13270] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  391.532520][T13270] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  391.532530][T13270] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  391.532540][T13270] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  391.532549][T13270] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  391.532559][T13270] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  391.597976][T13281] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:43 executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0)
pipe(0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
rmdir(0x0)

[  391.646463][T13270] memory: usage 307200kB, limit 307200kB, failcnt 920
[  391.656175][   T27] audit: type=1804 audit(1582277023.754:251): pid=13289 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/140/file0/bus" dev="sda1" ino=17008 res=1
[  391.667939][T13270] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  391.688788][T13270] Memory cgroup stats for /syz4:
[  391.689003][T13270] anon 309481472
[  391.689003][T13270] file 114688
[  391.689003][T13270] kernel_stack 405504
[  391.689003][T13270] slab 794624
[  391.689003][T13270] sock 0
[  391.689003][T13270] shmem 0
[  391.689003][T13270] file_mapped 0
[  391.689003][T13270] file_dirty 0
[  391.689003][T13270] file_writeback 0
[  391.689003][T13270] anon_thp 274726912
[  391.689003][T13270] inactive_anon 261267456
[  391.689003][T13270] active_anon 7434240
[  391.689003][T13270] inactive_file 0
[  391.689003][T13270] active_file 0
[  391.689003][T13270] unevictable 40574976
[  391.689003][T13270] slab_reclaimable 135168
[  391.689003][T13270] slab_unreclaimable 659456
[  391.689003][T13270] pgfault 56529
[  391.689003][T13270] pgmajfault 0
[  391.689003][T13270] workingset_refault 0
[  391.689003][T13270] workingset_activate 0
[  391.689003][T13270] workingset_nodereclaim 0
[  391.689003][T13270] pgrefill 0
[  391.689003][T13270] pgscan 0
[  391.689003][T13270] pgsteal 0
[  391.689003][T13270] pgactivate 0
[  391.719432][   T27] audit: type=1804 audit(1582277023.794:252): pid=13289 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/140/file0/bus" dev="sda1" ino=17008 res=1
[  391.785232][T13270] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13199,uid=0
[  391.826792][T13270] Memory cgroup out of memory: Killed process 13199 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  392.259780][T13270] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  392.270482][T13270] CPU: 1 PID: 13270 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  392.279675][T13270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.289887][T13270] Call Trace:
[  392.293189][T13270]  dump_stack+0x11d/0x181
[  392.297519][T13270]  dump_header+0xaa/0x39c
[  392.301926][T13270]  oom_kill_process.cold+0x10/0x15
[  392.307125][T13270]  out_of_memory+0x231/0xa60
[  392.311864][T13270]  mem_cgroup_out_of_memory+0x128/0x150
[  392.317439][T13270]  try_charge+0xb6c/0xbf0
[  392.323272][T13270]  mem_cgroup_try_charge+0xd2/0x260
[  392.328500][T13270]  mem_cgroup_try_charge_delay+0x3a/0x80
[  392.334258][T13270]  __handle_mm_fault+0x197f/0x2e00
[  392.339450][T13270]  handle_mm_fault+0x21b/0x530
[  392.344279][T13270]  __get_user_pages+0x485/0x1130
[  392.349237][T13270]  populate_vma_page_range+0xe6/0x100
[  392.354636][T13270]  __mm_populate+0x168/0x2a0
[  392.359237][T13270]  __x64_sys_mremap+0x5df/0x750
[  392.364117][T13270]  do_syscall_64+0xcc/0x3a0
[  392.368642][T13270]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  392.374585][T13270] RIP: 0033:0x45c449
[  392.378522][T13270] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  392.398244][T13270] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  392.406670][T13270] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  392.414648][T13270] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  392.422734][T13270] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  392.430731][T13270] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  392.438749][T13270] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  392.447641][T13270] memory: usage 307200kB, limit 307200kB, failcnt 955
[  392.455752][T13270] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  392.462628][T13270] Memory cgroup stats for /syz4:
[  392.462776][T13270] anon 309223424
[  392.462776][T13270] file 114688
[  392.462776][T13270] kernel_stack 442368
[  392.462776][T13270] slab 794624
[  392.462776][T13270] sock 0
[  392.462776][T13270] shmem 0
[  392.462776][T13270] file_mapped 0
[  392.462776][T13270] file_dirty 0
[  392.462776][T13270] file_writeback 0
[  392.462776][T13270] anon_thp 272629760
[  392.462776][T13270] inactive_anon 256090112
[  392.462776][T13270] active_anon 7434240
[  392.462776][T13270] inactive_file 0
[  392.462776][T13270] active_file 0
[  392.462776][T13270] unevictable 45600768
[  392.462776][T13270] slab_reclaimable 135168
[  392.462776][T13270] slab_unreclaimable 659456
[  392.462776][T13270] pgfault 57783
[  392.462776][T13270] pgmajfault 0
[  392.462776][T13270] workingset_refault 0
[  392.462776][T13270] workingset_activate 0
[  392.462776][T13270] workingset_nodereclaim 0
[  392.462776][T13270] pgrefill 0
[  392.462776][T13270] pgscan 0
[  392.462776][T13270] pgsteal 0
[  392.462776][T13270] pgactivate 0
[  392.559922][T13270] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13267,uid=0
[  392.575535][T13270] Memory cgroup out of memory: Killed process 13267 (syz-executor.4) total-vm:74828kB, anon-rss:12688kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  392.593531][  T696] oom_reaper: reaped process 13267 (syz-executor.4), now anon-rss:12800kB, file-rss:56420kB, shmem-rss:0kB
09:23:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:44 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, 0x0)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:44 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200))
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:44 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080), 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:44 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:44 executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0)
pipe(0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
rmdir(0x0)

[  392.784585][T13308] FAT-fs (loop2): invalid media value (0x00)
[  392.797595][T13308] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:44 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:45 executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0)
pipe(0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
rmdir(0x0)

[  392.913526][T13315] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  392.934442][   T27] audit: type=1804 audit(1582277025.034:253): pid=13318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/141/file0/bus" dev="sda1" ino=17013 res=1
[  392.973040][T13315] CPU: 1 PID: 13315 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  392.981749][T13315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.991948][T13315] Call Trace:
[  392.995257][T13315]  dump_stack+0x11d/0x181
[  393.000824][T13315]  dump_header+0xaa/0x39c
[  393.005297][T13315]  oom_kill_process.cold+0x10/0x15
[  393.010686][T13315]  out_of_memory+0x231/0xa60
[  393.015304][T13315]  mem_cgroup_out_of_memory+0x128/0x150
[  393.020895][T13315]  try_charge+0xb6c/0xbf0
[  393.025278][T13315]  mem_cgroup_try_charge+0xd2/0x260
[  393.030965][T13315]  mem_cgroup_try_charge_delay+0x3a/0x80
[  393.036630][T13315]  __handle_mm_fault+0x197f/0x2e00
[  393.042120][T13315]  handle_mm_fault+0x21b/0x530
[  393.046913][T13315]  __get_user_pages+0x485/0x1130
[  393.052119][T13315]  populate_vma_page_range+0xe6/0x100
[  393.057618][T13315]  __mm_populate+0x168/0x2a0
[  393.062309][T13315]  __x64_sys_mlockall+0x2e3/0x320
[  393.067357][T13315]  do_syscall_64+0xcc/0x3a0
[  393.071903][T13315]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  393.077915][T13315] RIP: 0033:0x45c449
[  393.081828][T13315] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  393.101647][T13315] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  393.110246][T13315] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
09:23:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  393.118226][T13315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  393.126350][T13315] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  393.138273][T13315] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  393.146252][T13315] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
09:23:45 executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0)
pipe(0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
rmdir(0x0)

[  393.166571][T13315] memory: usage 307200kB, limit 307200kB, failcnt 978
[  393.186835][T13315] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  393.201697][T13315] Memory cgroup stats for /syz4:
[  393.201890][T13315] anon 309276672
[  393.201890][T13315] file 114688
[  393.201890][T13315] kernel_stack 442368
[  393.201890][T13315] slab 794624
[  393.201890][T13315] sock 0
[  393.201890][T13315] shmem 0
[  393.201890][T13315] file_mapped 0
[  393.201890][T13315] file_dirty 0
[  393.201890][T13315] file_writeback 0
[  393.201890][T13315] anon_thp 272629760
[  393.201890][T13315] inactive_anon 263413760
[  393.201890][T13315] active_anon 7434240
[  393.201890][T13315] inactive_file 0
[  393.201890][T13315] active_file 0
[  393.201890][T13315] unevictable 38375424
[  393.201890][T13315] slab_reclaimable 135168
[  393.201890][T13315] slab_unreclaimable 659456
[  393.201890][T13315] pgfault 58575
[  393.201890][T13315] pgmajfault 0
[  393.201890][T13315] workingset_refault 0
[  393.201890][T13315] workingset_activate 0
[  393.201890][T13315] workingset_nodereclaim 0
[  393.201890][T13315] pgrefill 0
[  393.201890][T13315] pgscan 0
[  393.201890][T13315] pgsteal 0
[  393.201890][T13315] pgactivate 0
[  393.209991][   T27] audit: type=1804 audit(1582277025.034:254): pid=13318 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/141/file0/bus" dev="sda1" ino=17013 res=1
[  393.340176][T13315] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13300,uid=0
[  393.355980][T13315] Memory cgroup out of memory: Killed process 13300 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  393.380551][  T696] oom_reaper: reaped process 13300 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  393.394190][T13328] FAT-fs (loop2): invalid media value (0x00)
[  393.404777][T13328] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:45 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

09:23:45 executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0)
pipe(0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
rmdir(0x0)

09:23:45 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000040))

09:23:45 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080), 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:45 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  393.802797][   T27] audit: type=1804 audit(1582277025.484:255): pid=13329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/142/bus" dev="sda1" ino=16881 res=1
[  393.879051][T13449] FAT-fs (loop2): invalid media value (0x00)
[  393.905679][T13449] FAT-fs (loop2): Can't find a valid FAT filesystem
[  393.912810][   T27] audit: type=1804 audit(1582277025.524:256): pid=13329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/142/bus" dev="sda1" ino=16881 res=1
09:23:46 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{0x0}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:46 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r2 = dup(0xffffffffffffffff)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
ioctl$RNDGETENTCNT(r2, 0x80045200, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
write$tun(r0, &(0x7f0000000200)={@void, @val, @mpls={[], @ipv6=@gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @rand_addr="54326d5498a42373620e6eb5d9a5785a", @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {0x689, 0x88be, 0x1}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0xfffb}}}}}}}}, 0x76)
recvmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000002c0))
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

09:23:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:46 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:46 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0xfde5, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}, 0xfdef)

[  394.440114][T13473] FAT-fs (loop2): invalid media value (0x00)
[  394.446184][T13473] FAT-fs (loop2): Can't find a valid FAT filesystem
[  394.479408][T13470] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  394.489745][T13470] CPU: 1 PID: 13470 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  394.498427][T13470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  394.508591][T13470] Call Trace:
[  394.511902][T13470]  dump_stack+0x11d/0x181
[  394.516285][T13470]  dump_header+0xaa/0x39c
[  394.520777][T13470]  oom_kill_process.cold+0x10/0x15
[  394.526031][T13470]  out_of_memory+0x231/0xa60
[  394.530667][T13470]  mem_cgroup_out_of_memory+0x128/0x150
[  394.536228][T13470]  try_charge+0xb6c/0xbf0
09:23:46 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{0x0}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  394.540723][T13470]  mem_cgroup_try_charge+0xd2/0x260
[  394.546009][T13470]  mem_cgroup_try_charge_delay+0x3a/0x80
[  394.551662][T13470]  __handle_mm_fault+0x197f/0x2e00
[  394.556867][T13470]  handle_mm_fault+0x21b/0x530
[  394.561711][T13470]  __get_user_pages+0x485/0x1130
[  394.566780][T13470]  populate_vma_page_range+0xe6/0x100
[  394.572244][T13470]  __mm_populate+0x168/0x2a0
[  394.576862][T13470]  __x64_sys_mlockall+0x2e3/0x320
[  394.581885][T13470]  do_syscall_64+0xcc/0x3a0
[  394.586486][T13470]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  394.592365][T13470] RIP: 0033:0x45c449
[  394.596251][T13470] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  394.616018][T13470] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  394.624464][T13470] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  394.632501][T13470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  394.640474][T13470] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  394.648535][T13470] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  394.656504][T13470] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  394.665439][T13470] memory: usage 307200kB, limit 307200kB, failcnt 1012
[  394.672393][T13470] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  394.679413][T13470] Memory cgroup stats for /syz4:
[  394.679647][T13470] anon 309403648
[  394.679647][T13470] file 114688
[  394.679647][T13470] kernel_stack 442368
[  394.679647][T13470] slab 794624
[  394.679647][T13470] sock 0
[  394.679647][T13470] shmem 0
[  394.679647][T13470] file_mapped 0
[  394.679647][T13470] file_dirty 0
[  394.679647][T13470] file_writeback 0
[  394.679647][T13470] anon_thp 272629760
[  394.679647][T13470] inactive_anon 263536640
[  394.679647][T13470] active_anon 7434240
[  394.679647][T13470] inactive_file 0
[  394.679647][T13470] active_file 0
[  394.679647][T13470] unevictable 38486016
[  394.679647][T13470] slab_reclaimable 135168
[  394.679647][T13470] slab_unreclaimable 659456
[  394.679647][T13470] pgfault 60654
[  394.679647][T13470] pgmajfault 0
[  394.679647][T13470] workingset_refault 0
[  394.679647][T13470] workingset_activate 0
[  394.679647][T13470] workingset_nodereclaim 0
[  394.679647][T13470] pgrefill 0
[  394.679647][T13470] pgscan 0
[  394.679647][T13470] pgsteal 0
[  394.679647][T13470] pgactivate 0
[  394.781711][T13470] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13458,uid=0
09:23:46 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:47 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, 0x0, 0x0)

[  394.872933][T13470] Memory cgroup out of memory: Killed process 13458 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:47 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{0x0}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  394.938355][  T696] oom_reaper: reaped process 13458 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
09:23:47 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r2 = dup(0xffffffffffffffff)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
ioctl$RNDGETENTCNT(r2, 0x80045200, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
write$tun(r0, &(0x7f0000000200)={@void, @val, @mpls={[], @ipv6=@gre_packet={0x0, 0x6, '\x00', 0x44, 0x2f, 0x0, @rand_addr="54326d5498a42373620e6eb5d9a5785a", @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {0x689, 0x88be, 0x1}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0xfffb}}}}}}}}, 0x76)
recvmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f00000002c0))
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

[  395.067537][T13517] FAT-fs (loop2): invalid media value (0x00)
[  395.074957][T13517] FAT-fs (loop2): Can't find a valid FAT filesystem
09:23:47 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:47 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, 0x0, 0x0)

[  395.507473][T13539] FAT-fs (loop2): invalid media value (0x00)
[  395.537801][T13539] FAT-fs (loop2): Can't find a valid FAT filesystem
[  395.648452][   T27] kauditd_printk_skb: 6 callbacks suppressed
[  395.648524][   T27] audit: type=1804 audit(1582277027.754:263): pid=13539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/146/file0/bus" dev="sda1" ino=17020 res=1
09:23:47 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00')
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x41, 0x0)
sendfile(r1, r0, 0x0, 0x1c01)

[  395.696945][   T27] audit: type=1804 audit(1582277027.764:264): pid=13539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/146/file0/bus" dev="sda1" ino=17020 res=1
09:23:48 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:48 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:48 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
getpid()
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:48 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}})
write$tun(r0, 0x0, 0x0)

[  396.136165][T13558] FAT-fs (loop2): invalid media value (0x00)
[  396.168087][T13558] FAT-fs (loop2): Can't find a valid FAT filesystem
[  396.192085][T13564] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  396.202542][T13564] CPU: 1 PID: 13564 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  396.211216][T13564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  396.221310][T13564] Call Trace:
[  396.224642][T13564]  dump_stack+0x11d/0x181
[  396.229092][T13564]  dump_header+0xaa/0x39c
[  396.233408][T13564]  oom_kill_process.cold+0x10/0x15
[  396.238512][T13564]  out_of_memory+0x231/0xa60
[  396.243142][T13564]  mem_cgroup_out_of_memory+0x128/0x150
[  396.248687][T13564]  try_charge+0xb6c/0xbf0
[  396.251174][   T27] audit: type=1804 audit(1582277028.304:265): pid=13569 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/147/file0/bus" dev="sda1" ino=17032 res=1
[  396.253108][T13564]  mem_cgroup_try_charge+0xd2/0x260
[  396.253178][T13564]  mem_cgroup_try_charge_delay+0x3a/0x80
[  396.281930][   T27] audit: type=1804 audit(1582277028.304:266): pid=13569 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/147/file0/bus" dev="sda1" ino=17032 res=1
[  396.283533][T13564]  __handle_mm_fault+0x197f/0x2e00
[  396.283579][T13564]  handle_mm_fault+0x21b/0x530
[  396.324003][T13564]  __get_user_pages+0x485/0x1130
[  396.328981][T13564]  populate_vma_page_range+0xe6/0x100
[  396.334496][T13564]  __mm_populate+0x168/0x2a0
[  396.339140][T13564]  __x64_sys_mlockall+0x2e3/0x320
[  396.344167][T13564]  do_syscall_64+0xcc/0x3a0
[  396.348669][T13564]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  396.354717][T13564] RIP: 0033:0x45c449
[  396.358599][T13564] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  396.378327][T13564] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  396.386864][T13564] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  396.394835][T13564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  396.402940][T13564] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  396.410899][T13564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  396.418859][T13564] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  396.434864][T13564] memory: usage 307200kB, limit 307200kB, failcnt 1064
[  396.451066][T13564] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  396.471451][T13564] Memory cgroup stats for /syz4:
[  396.471655][T13564] anon 309436416
[  396.471655][T13564] file 114688
[  396.471655][T13564] kernel_stack 442368
[  396.471655][T13564] slab 794624
[  396.471655][T13564] sock 0
[  396.471655][T13564] shmem 0
[  396.471655][T13564] file_mapped 0
[  396.471655][T13564] file_dirty 0
[  396.471655][T13564] file_writeback 0
[  396.471655][T13564] anon_thp 272629760
[  396.471655][T13564] inactive_anon 263458816
[  396.471655][T13564] active_anon 7434240
[  396.471655][T13564] inactive_file 0
[  396.471655][T13564] active_file 0
[  396.471655][T13564] unevictable 38621184
[  396.471655][T13564] slab_reclaimable 135168
[  396.471655][T13564] slab_unreclaimable 659456
[  396.471655][T13564] pgfault 62700
[  396.471655][T13564] pgmajfault 0
[  396.471655][T13564] workingset_refault 0
[  396.471655][T13564] workingset_activate 0
[  396.471655][T13564] workingset_nodereclaim 0
[  396.471655][T13564] pgrefill 0
[  396.471655][T13564] pgscan 0
[  396.471655][T13564] pgsteal 0
[  396.471655][T13564] pgactivate 0
[  396.568489][T13564] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13535,uid=0
[  396.584421][T13564] Memory cgroup out of memory: Killed process 13535 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0xa4001)
r1 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x400d62e, 0x0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

09:23:48 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
getpid()
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:48 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup3(r1, r0, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x8, 0x0, &(0x7f0000000240))

[  396.891170][   T27] audit: type=1804 audit(1582277028.994:267): pid=13580 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/148/bus" dev="sda1" ino=17028 res=1
09:23:49 executing program 0:
syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000100)="020143a5ffffffffffffa5000800000000000000004000ffffffa9000000e100000088770072003a0700bfffffff000000000080", 0x34, 0x1c0}])

09:23:49 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  397.092793][   T27] audit: type=1804 audit(1582277029.034:268): pid=13580 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/148/bus" dev="sda1" ino=17028 res=1
[  397.324042][   T27] audit: type=1804 audit(1582277029.424:269): pid=13599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/149/bus" dev="sda1" ino=17019 res=1
[  397.357511][   T27] audit: type=1804 audit(1582277029.424:270): pid=13599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/149/bus" dev="sda1" ino=17019 res=1
09:23:49 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:49 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
getpid()
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:49 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0xbb7379f1feabf7e, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000380)={0x1, 0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000180)=""/193, &(0x7f00000002c0)=""/153, 0x1000})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1039}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b)

09:23:49 executing program 0:
perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f00000000c0)=ANY=[])

09:23:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  397.634416][T13616] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  397.644748][T13616] CPU: 1 PID: 13616 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  397.652742][   T27] audit: type=1804 audit(1582277029.744:271): pid=13610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/150/bus" dev="sda1" ino=17036 res=1
[  397.653422][T13616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  397.653428][T13616] Call Trace:
[  397.653468][T13616]  dump_stack+0x11d/0x181
[  397.695716][T13616]  dump_header+0xaa/0x39c
[  397.700201][T13616]  oom_kill_process.cold+0x10/0x15
[  397.705340][T13616]  out_of_memory+0x231/0xa60
[  397.710044][T13616]  mem_cgroup_out_of_memory+0x128/0x150
[  397.715621][T13616]  try_charge+0xb6c/0xbf0
[  397.720041][T13616]  mem_cgroup_try_charge+0xd2/0x260
[  397.725265][T13616]  mem_cgroup_try_charge_delay+0x3a/0x80
[  397.730936][T13616]  __handle_mm_fault+0x197f/0x2e00
[  397.736145][T13616]  handle_mm_fault+0x21b/0x530
[  397.741052][T13616]  __get_user_pages+0x485/0x1130
[  397.746027][T13616]  populate_vma_page_range+0xe6/0x100
[  397.751449][T13616]  __mm_populate+0x168/0x2a0
[  397.756209][T13616]  __x64_sys_mlockall+0x2e3/0x320
[  397.758953][   T27] audit: type=1804 audit(1582277029.744:272): pid=13610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/150/bus" dev="sda1" ino=17036 res=1
[  397.761247][T13616]  do_syscall_64+0xcc/0x3a0
[  397.761272][T13616]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  397.761285][T13616] RIP: 0033:0x45c449
[  397.761373][T13616] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  397.761393][T13616] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  397.827590][T13616] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
09:23:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  397.835570][T13616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  397.843651][T13616] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  397.851634][T13616] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  397.859595][T13616] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  397.868107][T13616] memory: usage 307200kB, limit 307200kB, failcnt 1123
[  397.875177][T13616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
09:23:50 executing program 0:
perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f00000000c0)=ANY=[])

[  397.882159][T13616] Memory cgroup stats for /syz4:
[  397.882325][T13616] anon 309415936
[  397.882325][T13616] file 114688
[  397.882325][T13616] kernel_stack 442368
[  397.882325][T13616] slab 794624
[  397.882325][T13616] sock 0
[  397.882325][T13616] shmem 0
[  397.882325][T13616] file_mapped 0
[  397.882325][T13616] file_dirty 0
[  397.882325][T13616] file_writeback 0
[  397.882325][T13616] anon_thp 272629760
[  397.882325][T13616] inactive_anon 263548928
[  397.882325][T13616] active_anon 7434240
[  397.882325][T13616] inactive_file 0
[  397.882325][T13616] active_file 0
09:23:50 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  397.882325][T13616] unevictable 38584320
[  397.882325][T13616] slab_reclaimable 135168
[  397.882325][T13616] slab_unreclaimable 659456
[  397.882325][T13616] pgfault 64746
[  397.882325][T13616] pgmajfault 0
[  397.882325][T13616] workingset_refault 0
[  397.882325][T13616] workingset_activate 0
[  397.882325][T13616] workingset_nodereclaim 0
[  397.882325][T13616] pgrefill 0
[  397.882325][T13616] pgscan 0
[  397.882325][T13616] pgsteal 0
[  397.882325][T13616] pgactivate 0
09:23:50 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  397.979394][T13616] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13579,uid=0
[  398.007809][T13616] Memory cgroup out of memory: Killed process 13579 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  398.053559][  T696] oom_reaper: reaped process 13579 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
09:23:50 executing program 0:
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4)

09:23:50 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca", 0x24}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  398.819132][T13616] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  398.829821][T13616] CPU: 0 PID: 13616 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  398.838632][T13616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  398.848693][T13616] Call Trace:
[  398.851996][T13616]  dump_stack+0x11d/0x181
[  398.856376][T13616]  dump_header+0xaa/0x39c
[  398.860726][T13616]  oom_kill_process.cold+0x10/0x15
[  398.865855][T13616]  out_of_memory+0x231/0xa60
[  398.870478][T13616]  mem_cgroup_out_of_memory+0x128/0x150
[  398.876062][T13616]  try_charge+0xb6c/0xbf0
[  398.880460][T13616]  mem_cgroup_try_charge+0xd2/0x260
[  398.885652][T13616]  mem_cgroup_try_charge_delay+0x3a/0x80
[  398.891346][T13616]  __handle_mm_fault+0x197f/0x2e00
[  398.896511][T13616]  handle_mm_fault+0x21b/0x530
[  398.901330][T13616]  __get_user_pages+0x485/0x1130
[  398.906327][T13616]  populate_vma_page_range+0xe6/0x100
[  398.911684][T13616]  __mm_populate+0x168/0x2a0
[  398.916421][T13616]  __x64_sys_mremap+0x5df/0x750
[  398.921307][T13616]  do_syscall_64+0xcc/0x3a0
[  398.925846][T13616]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  398.931763][T13616] RIP: 0033:0x45c449
[  398.935687][T13616] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  398.955332][T13616] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  398.963879][T13616] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  398.971912][T13616] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  398.979874][T13616] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  398.987836][T13616] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  398.996050][T13616] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  399.005713][T13616] memory: usage 307200kB, limit 307200kB, failcnt 1157
[  399.012897][T13616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  399.020029][T13616] Memory cgroup stats for /syz4:
[  399.021278][T13616] anon 309268480
[  399.021278][T13616] file 114688
[  399.021278][T13616] kernel_stack 479232
[  399.021278][T13616] slab 794624
[  399.021278][T13616] sock 0
[  399.021278][T13616] shmem 0
[  399.021278][T13616] file_mapped 0
[  399.021278][T13616] file_dirty 0
[  399.021278][T13616] file_writeback 0
[  399.021278][T13616] anon_thp 272629760
[  399.021278][T13616] inactive_anon 256217088
[  399.021278][T13616] active_anon 7434240
[  399.021278][T13616] inactive_file 0
[  399.021278][T13616] active_file 0
[  399.021278][T13616] unevictable 45715456
[  399.021278][T13616] slab_reclaimable 135168
[  399.021278][T13616] slab_unreclaimable 659456
[  399.021278][T13616] pgfault 66000
[  399.021278][T13616] pgmajfault 0
[  399.021278][T13616] workingset_refault 0
[  399.021278][T13616] workingset_activate 0
[  399.021278][T13616] workingset_nodereclaim 0
[  399.021278][T13616] pgrefill 0
[  399.021278][T13616] pgscan 0
[  399.021278][T13616] pgsteal 0
[  399.021278][T13616] pgactivate 0
[  399.119105][T13616] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13613,uid=0
[  399.135528][T13616] Memory cgroup out of memory: Killed process 13613 (syz-executor.4) total-vm:74828kB, anon-rss:12708kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  399.156395][  T696] oom_reaper: reaped process 13613 (syz-executor.4), now anon-rss:12700kB, file-rss:56420kB, shmem-rss:0kB
09:23:51 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:51 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:51 executing program 0:
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48151, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x9)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10)
recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f00000018c0)=[{&(0x7f0000000200)=""/77}, {&(0x7f00000002c0)=""/150, 0x297}, {&(0x7f0000000380)=""/118}, {&(0x7f0000000500)=""/235}, {&(0x7f0000000600)=""/159}, {&(0x7f00000006c0)=""/225, 0x4}, {&(0x7f00000007c0)=""/235}, {&(0x7f00000008c0)=""/4096}], 0x0, 0x0, 0xfffffffffffffe54}}], 0x5cd31d, 0x22, 0x0)

09:23:51 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0xbb7379f1feabf7e, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000380)={0x1, 0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000180)=""/193, &(0x7f00000002c0)=""/153, 0x1000})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1039}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b)

09:23:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6900)
ftruncate(r0, 0x80)
lseek(r0, 0x101, 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r4, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r0, r4, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:51 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca", 0x24}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:51 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x86a)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
ioctl$KDENABIO(0xffffffffffffffff, 0x4b36)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37)

09:23:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:51 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x0, 0x2)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  399.594926][T13763] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  399.605436][T13763] CPU: 1 PID: 13763 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  399.614168][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  399.624225][T13763] Call Trace:
[  399.627627][T13763]  dump_stack+0x11d/0x181
[  399.632004][T13763]  dump_header+0xaa/0x39c
[  399.636361][T13763]  oom_kill_process.cold+0x10/0x15
[  399.641518][T13763]  out_of_memory+0x231/0xa60
[  399.646131][T13763]  mem_cgroup_out_of_memory+0x128/0x150
[  399.651787][T13763]  try_charge+0xb6c/0xbf0
[  399.656310][T13763]  mem_cgroup_try_charge+0xd2/0x260
[  399.661535][T13763]  mem_cgroup_try_charge_delay+0x3a/0x80
[  399.667239][T13763]  __handle_mm_fault+0x197f/0x2e00
[  399.672396][T13763]  handle_mm_fault+0x21b/0x530
[  399.677184][T13763]  __get_user_pages+0x485/0x1130
[  399.682205][T13763]  populate_vma_page_range+0xe6/0x100
[  399.687594][T13763]  __mm_populate+0x168/0x2a0
[  399.692285][T13763]  __x64_sys_mlockall+0x2e3/0x320
[  399.697326][T13763]  do_syscall_64+0xcc/0x3a0
[  399.701897][T13763]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  399.707795][T13763] RIP: 0033:0x45c449
[  399.711744][T13763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.731464][T13763] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
09:23:51 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x86a)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
ioctl$KDENABIO(0xffffffffffffffff, 0x4b36)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write(r0, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37)

09:23:51 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a6f4d014", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000000008000500ac1414aa080002000000000008000500ac1414aa0c000300000000000000000008000100", @ANYRES32=r1], 0x4}}, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

[  399.739966][T13763] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  399.748028][T13763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  399.756006][T13763] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  399.764095][T13763] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  399.772118][T13763] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  399.785413][T13763] memory: usage 307200kB, limit 307200kB, failcnt 1176
[  399.799088][T13763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  399.822478][T13763] Memory cgroup stats for /syz4:
[  399.822759][T13763] anon 309313536
[  399.822759][T13763] file 114688
[  399.822759][T13763] kernel_stack 442368
[  399.822759][T13763] slab 794624
[  399.822759][T13763] sock 0
[  399.822759][T13763] shmem 0
[  399.822759][T13763] file_mapped 0
[  399.822759][T13763] file_dirty 0
[  399.822759][T13763] file_writeback 0
[  399.822759][T13763] anon_thp 272629760
[  399.822759][T13763] inactive_anon 263507968
[  399.822759][T13763] active_anon 7434240
[  399.822759][T13763] inactive_file 0
[  399.822759][T13763] active_file 0
[  399.822759][T13763] unevictable 38600704
[  399.822759][T13763] slab_reclaimable 135168
[  399.822759][T13763] slab_unreclaimable 659456
[  399.822759][T13763] pgfault 66825
[  399.822759][T13763] pgmajfault 0
[  399.822759][T13763] workingset_refault 0
09:23:52 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x1})
write$uinput_user_dev(r0, &(0x7f0000000ac0)={'syz0\x00', {}, 0x0, [], [0x0, 0x2]}, 0x45c)

[  399.822759][T13763] workingset_activate 0
[  399.822759][T13763] workingset_nodereclaim 0
[  399.822759][T13763] pgrefill 0
[  399.822759][T13763] pgscan 0
[  399.822759][T13763] pgsteal 0
[  399.822759][T13763] pgactivate 0
[  399.929280][T13763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13734,uid=0
[  399.967179][T13763] Memory cgroup out of memory: Killed process 13734 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  399.995692][  T696] oom_reaper: reaped process 13734 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  400.085649][T13781] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, and O_DIRECT support!
[  400.167799][T13781] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  400.177612][T13781] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  400.253115][T13781] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  400.305119][T13781] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=128, mo=e002c01c, mo2=0002]
[  400.313592][T13781] System zones: 0-7
[  400.318308][T13781] EXT4-fs (loop3): mounting with "discard" option, but the device does not support discard
[  400.328644][T13781] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  400.387110][T13763] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  400.397321][T13763] CPU: 0 PID: 13763 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  400.406057][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.416111][T13763] Call Trace:
[  400.419454][T13763]  dump_stack+0x11d/0x181
[  400.423810][T13763]  dump_header+0xaa/0x39c
[  400.428163][T13763]  oom_kill_process.cold+0x10/0x15
[  400.433387][T13763]  out_of_memory+0x231/0xa60
[  400.438008][T13763]  mem_cgroup_out_of_memory+0x128/0x150
[  400.443583][T13763]  try_charge+0xb6c/0xbf0
[  400.447946][T13763]  mem_cgroup_try_charge+0xd2/0x260
[  400.453515][T13763]  mem_cgroup_try_charge_delay+0x3a/0x80
[  400.459173][T13763]  __handle_mm_fault+0x197f/0x2e00
[  400.464349][T13763]  handle_mm_fault+0x21b/0x530
[  400.469209][T13763]  __get_user_pages+0x485/0x1130
[  400.474155][T13763]  populate_vma_page_range+0xe6/0x100
[  400.479521][T13763]  __mm_populate+0x168/0x2a0
[  400.485926][T13763]  __x64_sys_mremap+0x5df/0x750
[  400.490787][T13763]  do_syscall_64+0xcc/0x3a0
[  400.495327][T13763]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  400.501386][T13763] RIP: 0033:0x45c449
[  400.505312][T13763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  400.525028][T13763] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  400.533552][T13763] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  400.541743][T13763] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  400.549786][T13763] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  400.557760][T13763] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  400.567597][T13763] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  400.580574][T13763] memory: usage 307200kB, limit 307200kB, failcnt 1244
[  400.587808][T13763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  400.594656][T13763] Memory cgroup stats for /syz4:
[  400.594792][T13763] anon 309395456
[  400.594792][T13763] file 114688
[  400.594792][T13763] kernel_stack 442368
[  400.594792][T13763] slab 794624
[  400.594792][T13763] sock 0
[  400.594792][T13763] shmem 0
[  400.594792][T13763] file_mapped 0
[  400.594792][T13763] file_dirty 0
[  400.594792][T13763] file_writeback 0
[  400.594792][T13763] anon_thp 272629760
[  400.594792][T13763] inactive_anon 256278528
[  400.594792][T13763] active_anon 7434240
[  400.594792][T13763] inactive_file 0
[  400.594792][T13763] active_file 0
[  400.594792][T13763] unevictable 45621248
[  400.594792][T13763] slab_reclaimable 135168
[  400.594792][T13763] slab_unreclaimable 659456
[  400.594792][T13763] pgfault 68046
[  400.594792][T13763] pgmajfault 0
[  400.594792][T13763] workingset_refault 0
[  400.594792][T13763] workingset_activate 0
[  400.594792][T13763] workingset_nodereclaim 0
[  400.594792][T13763] pgrefill 0
[  400.594792][T13763] pgscan 0
[  400.594792][T13763] pgsteal 0
[  400.594792][T13763] pgactivate 0
[  400.692331][T13763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13760,uid=0
[  400.708284][T13763] Memory cgroup out of memory: Killed process 13760 (syz-executor.4) total-vm:74828kB, anon-rss:12688kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  400.726654][  T696] oom_reaper: reaped process 13760 (syz-executor.4), now anon-rss:12680kB, file-rss:55520kB, shmem-rss:0kB
09:23:52 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:52 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:52 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:52 executing program 0:
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)}], 0x1}, 0x0)
sendmsg$alg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)

09:23:52 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca", 0x24}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:52 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a6f4d014", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000000008000500ac1414aa080002000000000008000500ac1414aa0c000300000000000000000008000100", @ANYRES32=r1], 0x4}}, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

09:23:53 executing program 0:
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)}], 0x1}, 0x0)
sendmsg$alg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)

[  401.065558][T13805] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  401.094131][T13805] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  401.106419][T13805] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
09:23:53 executing program 0:
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)}], 0x1}, 0x0)
sendmsg$alg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)

09:23:53 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  401.160085][T13805] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=128, mo=e002c01c, mo2=0002]
[  401.187440][T13805] System zones: 0-7
[  401.204171][T13805] EXT4-fs (loop3): mounting with "discard" option, but the device does not support discard
[  401.223497][T13805] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  401.255228][T13818] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  401.278013][T13818] CPU: 1 PID: 13818 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  401.286721][T13818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  401.296791][T13818] Call Trace:
[  401.300187][T13818]  dump_stack+0x11d/0x181
[  401.304531][T13818]  dump_header+0xaa/0x39c
[  401.308914][T13818]  oom_kill_process.cold+0x10/0x15
[  401.314071][T13818]  out_of_memory+0x231/0xa60
[  401.318896][T13818]  mem_cgroup_out_of_memory+0x128/0x150
[  401.324507][T13818]  try_charge+0xb6c/0xbf0
[  401.328910][T13818]  mem_cgroup_try_charge+0xd2/0x260
[  401.334136][T13818]  mem_cgroup_try_charge_delay+0x3a/0x80
[  401.339801][T13818]  __handle_mm_fault+0x197f/0x2e00
[  401.344950][T13818]  handle_mm_fault+0x21b/0x530
[  401.349739][T13818]  __get_user_pages+0x485/0x1130
[  401.354709][T13818]  populate_vma_page_range+0xe6/0x100
[  401.360121][T13818]  __mm_populate+0x168/0x2a0
[  401.364747][T13818]  __x64_sys_mlockall+0x2e3/0x320
[  401.369794][T13818]  do_syscall_64+0xcc/0x3a0
[  401.374351][T13818]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  401.380357][T13818] RIP: 0033:0x45c449
[  401.384268][T13818] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
09:23:53 executing program 0:
pipe(&(0x7f0000000080))
perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200047ff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0)

[  401.403881][T13818] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  401.412303][T13818] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  401.420381][T13818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  401.428443][T13818] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  401.436426][T13818] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  401.444401][T13818] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  401.455628][T13818] memory: usage 307200kB, limit 307200kB, failcnt 1282
[  401.462800][T13818] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  401.471847][T13818] Memory cgroup stats for /syz4:
[  401.472040][T13818] anon 309391360
[  401.472040][T13818] file 114688
[  401.472040][T13818] kernel_stack 442368
[  401.472040][T13818] slab 794624
[  401.472040][T13818] sock 0
[  401.472040][T13818] shmem 0
[  401.472040][T13818] file_mapped 0
[  401.472040][T13818] file_dirty 0
[  401.472040][T13818] file_writeback 0
[  401.472040][T13818] anon_thp 272629760
[  401.472040][T13818] inactive_anon 263577600
[  401.472040][T13818] active_anon 7434240
[  401.472040][T13818] inactive_file 0
[  401.472040][T13818] active_file 0
[  401.472040][T13818] unevictable 38395904
[  401.472040][T13818] slab_reclaimable 135168
[  401.472040][T13818] slab_unreclaimable 659456
[  401.472040][T13818] pgfault 68871
[  401.472040][T13818] pgmajfault 0
[  401.472040][T13818] workingset_refault 0
[  401.472040][T13818] workingset_activate 0
[  401.472040][T13818] workingset_nodereclaim 0
09:23:53 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x1})
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz1\x00'}, 0x45c)
write$uinput_user_dev(r0, &(0x7f0000000ac0)={'syz0\x00', {}, 0x0, [], [0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)

[  401.472040][T13818] pgrefill 0
[  401.472040][T13818] pgscan 0
[  401.472040][T13818] pgsteal 0
[  401.472040][T13818] pgactivate 0
[  401.578969][T13818] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13794,uid=0
[  401.631911][T13818] Memory cgroup out of memory: Killed process 13794 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  401.688929][  T696] oom_reaper: reaped process 13794 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  401.728959][T13840] input: syz0 as /devices/virtual/input/input9
[  401.804933][T13842] input: syz0 as /devices/virtual/input/input10
[  402.053949][T13818] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  402.064282][T13818] CPU: 1 PID: 13818 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  402.073022][T13818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.083145][T13818] Call Trace:
[  402.086462][T13818]  dump_stack+0x11d/0x181
[  402.090786][T13818]  dump_header+0xaa/0x39c
[  402.095127][T13818]  oom_kill_process.cold+0x10/0x15
[  402.100278][T13818]  out_of_memory+0x231/0xa60
[  402.104953][T13818]  mem_cgroup_out_of_memory+0x128/0x150
[  402.110591][T13818]  try_charge+0xb6c/0xbf0
[  402.114944][T13818]  mem_cgroup_try_charge+0xd2/0x260
[  402.120160][T13818]  mem_cgroup_try_charge_delay+0x3a/0x80
[  402.125791][T13818]  __handle_mm_fault+0x197f/0x2e00
[  402.130913][T13818]  handle_mm_fault+0x21b/0x530
[  402.135842][T13818]  __get_user_pages+0x485/0x1130
[  402.140783][T13818]  populate_vma_page_range+0xe6/0x100
[  402.146202][T13818]  __mm_populate+0x168/0x2a0
[  402.150787][T13818]  __x64_sys_mremap+0x5df/0x750
[  402.155718][T13818]  do_syscall_64+0xcc/0x3a0
[  402.160219][T13818]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  402.166142][T13818] RIP: 0033:0x45c449
[  402.170030][T13818] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  402.189740][T13818] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  402.198195][T13818] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  402.206149][T13818] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  402.214161][T13818] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  402.222135][T13818] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  402.230096][T13818] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  402.238717][T13818] memory: usage 307200kB, limit 307200kB, failcnt 1342
[  402.245568][T13818] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  402.252550][T13818] Memory cgroup stats for /syz4:
[  402.252675][T13818] anon 309260288
[  402.252675][T13818] file 114688
[  402.252675][T13818] kernel_stack 442368
[  402.252675][T13818] slab 794624
[  402.252675][T13818] sock 0
[  402.252675][T13818] shmem 0
[  402.252675][T13818] file_mapped 0
[  402.252675][T13818] file_dirty 0
[  402.252675][T13818] file_writeback 0
[  402.252675][T13818] anon_thp 272629760
[  402.252675][T13818] inactive_anon 256147456
[  402.252675][T13818] active_anon 7434240
[  402.252675][T13818] inactive_file 0
[  402.252675][T13818] active_file 0
[  402.252675][T13818] unevictable 45711360
[  402.252675][T13818] slab_reclaimable 135168
[  402.252675][T13818] slab_unreclaimable 659456
[  402.252675][T13818] pgfault 70125
[  402.252675][T13818] pgmajfault 0
[  402.252675][T13818] workingset_refault 0
[  402.252675][T13818] workingset_activate 0
[  402.252675][T13818] workingset_nodereclaim 0
[  402.252675][T13818] pgrefill 0
[  402.252675][T13818] pgscan 0
[  402.252675][T13818] pgsteal 0
[  402.252675][T13818] pgactivate 0
[  402.349416][T13818] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13815,uid=0
[  402.365072][T13818] Memory cgroup out of memory: Killed process 13815 (syz-executor.4) total-vm:74828kB, anon-rss:12688kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  402.383031][  T696] oom_reaper: reaped process 13815 (syz-executor.4), now anon-rss:12700kB, file-rss:56420kB, shmem-rss:0kB
09:23:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

09:23:54 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:54 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a6f4d014", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000000008000500ac1414aa080002000000000008000500ac1414aa0c000300000000000000000008000100", @ANYRES32=r1], 0x4}}, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

09:23:54 executing program 0:
personality(0x2200000)
syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010003b0e00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e0001006970366772657461700000001400028006000e000200000008000100", @ANYRES32, @ANYBLOB="708c10a2ae805f7c8cc2f9e29dc2536065a900c9c0a6b0ce83f4bc687088bbcd2716a3c1c0aeeb790ebfffd8641c362807740a8f558125446852a1b0193709298a351c8e18b2371f1d19d79c2a7049d686e27d76e0"], 0x48}}, 0x0)

09:23:54 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff000000", 0x36}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:54 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:54 executing program 0:
personality(0x2200000)
syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010003b0e00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e0001006970366772657461700000001400028006000e000200000008000100", @ANYRES32, @ANYBLOB="708c10a2ae805f7c8cc2f9e29dc2536065a900c9c0a6b0ce83f4bc687088bbcd2716a3c1c0aeeb790ebfffd8641c362807740a8f558125446852a1b0193709298a351c8e18b2371f1d19d79c2a7049d686e27d76e0"], 0x48}}, 0x0)

[  402.599093][T13856] batman_adv: Cannot find parent device
[  402.741864][T13863] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  402.755870][   T27] kauditd_printk_skb: 6 callbacks suppressed
[  402.755890][   T27] audit: type=1804 audit(1582277034.854:279): pid=13861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/157/file0/bus" dev="loop2" ino=64 res=1
[  402.790372][T13863] CPU: 1 PID: 13863 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  402.799389][T13863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.809523][T13863] Call Trace:
[  402.812833][T13863]  dump_stack+0x11d/0x181
[  402.817201][T13863]  dump_header+0xaa/0x39c
[  402.821556][T13863]  oom_kill_process.cold+0x10/0x15
[  402.826687][T13863]  out_of_memory+0x231/0xa60
[  402.831310][T13863]  mem_cgroup_out_of_memory+0x128/0x150
[  402.836889][T13863]  try_charge+0xb6c/0xbf0
[  402.841313][T13863]  mem_cgroup_try_charge+0xd2/0x260
[  402.846598][T13863]  mem_cgroup_try_charge_delay+0x3a/0x80
[  402.852253][T13863]  __handle_mm_fault+0x197f/0x2e00
[  402.857397][T13863]  handle_mm_fault+0x21b/0x530
[  402.862206][T13863]  __get_user_pages+0x485/0x1130
[  402.867176][T13863]  populate_vma_page_range+0xe6/0x100
[  402.872914][T13863]  __mm_populate+0x168/0x2a0
[  402.877512][T13863]  __x64_sys_mlockall+0x2e3/0x320
[  402.884412][T13863]  do_syscall_64+0xcc/0x3a0
[  402.888933][T13863]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  402.894822][T13863] RIP: 0033:0x45c449
[  402.898901][T13863] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  402.918528][T13863] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  402.926970][T13863] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  402.934952][T13863] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
09:23:55 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff000000", 0x36}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

[  402.942930][T13863] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  402.950907][T13863] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  402.958890][T13863] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
09:23:55 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
r3 = getpid()
sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:55 executing program 0:
syz_mount_image$xfs(&(0x7f00000001c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

[  403.002521][T13858] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  403.031412][   T27] audit: type=1804 audit(1582277035.074:280): pid=13972 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/157/file0/bus" dev="loop2" ino=64 res=1
[  403.057886][T13858] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  403.068195][T13858] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  403.089930][T13858] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=128, mo=e002c01c, mo2=0002]
[  403.103835][T13858] System zones: 0-7
[  403.113740][T13858] EXT4-fs (loop3): mounting with "discard" option, but the device does not support discard
09:23:55 executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup3(r2, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000140)={0x4, 0x8}, 0x10)

[  403.157833][T13858] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  403.255769][T13863] memory: usage 307200kB, limit 307200kB, failcnt 1375
[  403.263986][T13863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  403.275398][T13863] Memory cgroup stats for /syz4:
[  403.275628][T13863] anon 309272576
[  403.275628][T13863] file 114688
[  403.275628][T13863] kernel_stack 442368
[  403.275628][T13863] slab 794624
[  403.275628][T13863] sock 0
[  403.275628][T13863] shmem 0
[  403.275628][T13863] file_mapped 0
[  403.275628][T13863] file_dirty 0
[  403.275628][T13863] file_writeback 0
[  403.275628][T13863] anon_thp 272629760
[  403.275628][T13863] inactive_anon 263442432
[  403.275628][T13863] active_anon 7434240
[  403.275628][T13863] inactive_file 0
[  403.275628][T13863] active_file 0
[  403.275628][T13863] unevictable 38354944
[  403.275628][T13863] slab_reclaimable 135168
[  403.275628][T13863] slab_unreclaimable 659456
[  403.275628][T13863] pgfault 70917
[  403.275628][T13863] pgmajfault 0
[  403.275628][T13863] workingset_refault 0
[  403.275628][T13863] workingset_activate 0
[  403.275628][T13863] workingset_nodereclaim 0
[  403.275628][T13863] pgrefill 0
[  403.275628][T13863] pgscan 33
[  403.275628][T13863] pgsteal 0
[  403.275628][T13863] pgactivate 0
[  403.374267][T13863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13849,uid=0
09:23:55 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a6f4d014", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000000008000500ac1414aa080002000000000008000500ac1414aa0c000300000000000000000008000100", @ANYRES32=r1], 0x4}}, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

[  403.389785][T13863] Memory cgroup out of memory: Killed process 13849 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  403.534355][  T986] attempt to access beyond end of device
[  403.542536][  T986] loop2: rw=1, want=78, limit=63
[  403.565435][  T986] buffer_io_error: 26 callbacks suppressed
[  403.565447][  T986] Buffer I/O error on dev loop2, logical block 77, lost async page write
[  403.584364][  T986] attempt to access beyond end of device
[  403.601119][  T986] loop2: rw=1, want=79, limit=63
[  403.606313][  T986] Buffer I/O error on dev loop2, logical block 78, lost async page write
[  403.616306][  T986] attempt to access beyond end of device
[  403.623484][  T986] loop2: rw=1, want=80, limit=63
[  403.630384][  T986] Buffer I/O error on dev loop2, logical block 79, lost async page write
[  403.639105][  T986] attempt to access beyond end of device
[  403.645042][  T986] loop2: rw=1, want=81, limit=63
[  403.650195][  T986] Buffer I/O error on dev loop2, logical block 80, lost async page write
[  403.658992][  T986] attempt to access beyond end of device
[  403.664976][  T986] loop2: rw=1, want=130, limit=63
[  403.670172][  T986] Buffer I/O error on dev loop2, logical block 129, lost async page write
[  403.688114][  T986] attempt to access beyond end of device
[  403.693837][  T986] loop2: rw=1, want=131, limit=63
[  403.699041][  T986] Buffer I/O error on dev loop2, logical block 130, lost async page write
[  403.709291][  T986] attempt to access beyond end of device
[  403.714999][  T986] loop2: rw=1, want=132, limit=63
[  403.720170][  T986] Buffer I/O error on dev loop2, logical block 131, lost async page write
[  403.733839][  T986] attempt to access beyond end of device
[  403.746186][  T986] loop2: rw=1, want=133, limit=63
[  403.755139][T13863] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  403.765707][  T986] Buffer I/O error on dev loop2, logical block 132, lost async page write
[  403.767759][T13994] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  403.774308][  T986] attempt to access beyond end of device
[  403.789887][T13863] CPU: 0 PID: 13863 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  403.798655][T13863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  403.808711][T13863] Call Trace:
[  403.812016][T13863]  dump_stack+0x11d/0x181
[  403.816392][T13863]  dump_header+0xaa/0x39c
[  403.816918][T13994] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  403.820790][T13863]  oom_kill_process.cold+0x10/0x15
[  403.820817][T13863]  out_of_memory+0x231/0xa60
[  403.820913][T13863]  mem_cgroup_out_of_memory+0x128/0x150
[  403.820957][T13863]  try_charge+0xb6c/0xbf0
[  403.834506][T13994] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  403.835920][T13863]  mem_cgroup_try_charge+0xd2/0x260
[  403.835952][T13863]  mem_cgroup_try_charge_delay+0x3a/0x80
[  403.835983][T13863]  __handle_mm_fault+0x197f/0x2e00
[  403.872259][T13994] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=128, mo=e002c01c, mo2=0002]
[  403.876336][T13863]  handle_mm_fault+0x21b/0x530
[  403.889223][T13863]  __get_user_pages+0x485/0x1130
[  403.894204][T13863]  populate_vma_page_range+0xe6/0x100
[  403.895342][T13994] System zones: 0-7
[  403.899600][T13863]  __mm_populate+0x168/0x2a0
[  403.899631][T13863]  __x64_sys_mremap+0x5df/0x750
[  403.899668][T13863]  do_syscall_64+0xcc/0x3a0
[  403.917387][T13863]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  403.919038][T13994] EXT4-fs (loop3): mounting with "discard" option, but the device does not support discard
[  403.923284][T13863] RIP: 0033:0x45c449
[  403.923308][T13863] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  403.923316][T13863] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  403.936589][T13994] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  403.937262][T13863] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  403.982371][T13863] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  403.990487][T13863] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  403.999855][T13863] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  404.007838][T13863] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  404.021992][  T986] loop2: rw=1, want=150, limit=63
[  404.027143][  T986] Buffer I/O error on dev loop2, logical block 149, lost async page write
[  404.035866][  T986] attempt to access beyond end of device
[  404.042799][  T986] loop2: rw=1, want=151, limit=63
[  404.047905][  T986] Buffer I/O error on dev loop2, logical block 150, lost async page write
[  404.056579][  T986] attempt to access beyond end of device
[  404.068919][  T986] loop2: rw=1, want=152, limit=63
[  404.073990][  T986] attempt to access beyond end of device
[  404.087756][  T986] loop2: rw=1, want=153, limit=63
[  404.101082][  T986] attempt to access beyond end of device
[  404.106748][  T986] loop2: rw=1, want=1930, limit=63
[  404.123535][T13863] memory: usage 307168kB, limit 307200kB, failcnt 1407
[  404.133240][T13863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  404.140580][T13863] Memory cgroup stats for /syz4:
[  404.140842][T13863] anon 309284864
[  404.140842][T13863] file 114688
[  404.140842][T13863] kernel_stack 442368
[  404.140842][T13863] slab 794624
[  404.140842][T13863] sock 0
[  404.140842][T13863] shmem 0
[  404.140842][T13863] file_mapped 0
[  404.140842][T13863] file_dirty 0
[  404.140842][T13863] file_writeback 0
[  404.140842][T13863] anon_thp 272629760
[  404.140842][T13863] inactive_anon 256270336
[  404.140842][T13863] active_anon 7434240
[  404.140842][T13863] inactive_file 0
[  404.140842][T13863] active_file 0
[  404.140842][T13863] unevictable 45580288
[  404.140842][T13863] slab_reclaimable 135168
[  404.140842][T13863] slab_unreclaimable 659456
[  404.140842][T13863] pgfault 72171
[  404.140842][T13863] pgmajfault 0
[  404.140842][T13863] workingset_refault 0
[  404.140842][T13863] workingset_activate 0
[  404.140842][T13863] workingset_nodereclaim 0
[  404.140842][T13863] pgrefill 0
[  404.140842][T13863] pgscan 33
[  404.140842][T13863] pgsteal 0
[  404.140842][T13863] pgactivate 0
[  404.238088][T13863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13860,uid=0
[  404.253776][T13863] Memory cgroup out of memory: Killed process 13863 (syz-executor.4) total-vm:74828kB, anon-rss:12708kB, file-rss:56428kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  404.271775][  T696] oom_reaper: reaped process 13863 (syz-executor.4), now anon-rss:12752kB, file-rss:56420kB, shmem-rss:0kB
[  404.397515][   T27] audit: type=1804 audit(1582277036.494:281): pid=14007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/158/file0/bus" dev="loop2" ino=65 res=1
[  404.452863][   T27] audit: type=1804 audit(1582277036.554:282): pid=14012 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/158/file0/bus" dev="loop2" ino=65 res=1
09:23:56 executing program 4:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x400000, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000}, 0x0, 0x0, 0x0, 0x67faf42d5e4f3ace}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x102)
fcntl$setstatus(r0, 0x4, 0x2000)

09:23:56 executing program 0:

09:23:56 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
accept4$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x0, 0x0, @empty}, 0x0, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r2 = getpid()
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

09:23:56 executing program 1:
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff000000", 0x36}], 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x20000, 0x1000}, 0x18)
r2 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000080)=0x2, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x3a8, 0x0, 0x0, 0x0, 0xffffff10, 0xa}}], 0x400000000000002, 0x0, 0x0)

09:23:56 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a6f4d014", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000000008000500ac1414aa080002000000000008000500ac1414aa0c000300000000000000000008000100", @ANYRES32=r1], 0x4}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

09:23:56 executing program 0:

09:23:56 executing program 0:

[  404.760142][T14020] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  404.796057][T14020] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
09:23:56 executing program 5:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000b40)=ANY=[], 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f08040403400900ff010000400001000073c68c69002300b6674c28838e4a8100000000009d0cc9ffaf8acaa1abab974c00010000f35910074a0000000dfe80000006000000000000e89ce6a200f90000bb40000000a59fb1b350f3bdd1545b0000006bcad0964e69f9efa5c7cea88b044343f72ad8a58202df5af7b06e0904000000000000006f0a65519254231b5ed89132d5419fdc7859226d9f81d6d209538f3afac20dd3a400a3d72afabf79b342189fe6c8cc17a61bb664e501cb6a98038fde00000000eae0247d92dfde8b0da6bb67c20340d76e98d336d8f16552b2844e2bdd477ab5e5f1067f85020060ba03f9e99e507397cfaea9fafabf016288de11ec3589e1a0f55778aa90b6360bc0a991a247841c84a86fda851f1349e170f56459fa25c4cef17ee95ec903d8b9ffdc21a18b2896f0fb278b49cd1ed02c58f8436b56901eef6b7ac3dd716ecf477803499b1ecf8fa96894ecc33af01cc2f5f0b090880fb9f28459615fe061ac0000"], 0x48)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r2 = getpid()
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})

[  404.824871][T14024] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  404.837993][T14020] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  404.894560][T14020] EXT4-fs error (device loop3): ext4_fill_super:4532: inode #2: comm syz-executor.3: iget: root inode unallocated
[  404.907385][T14024] CPU: 0 PID: 14024 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  404.916264][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  404.926360][T14024] Call Trace:
[  404.929664][T14024]  dump_stack+0x11d/0x181
[  404.934015][T14024]  dump_header+0xaa/0x39c
[  404.938372][T14024]  oom_kill_process.cold+0x10/0x15
[  404.943764][T14024]  out_of_memory+0x231/0xa60
[  404.948379][T14024]  mem_cgroup_out_of_memory+0x128/0x150
[  404.953946][T14024]  try_charge+0xb6c/0xbf0
[  404.958425][T14024]  mem_cgroup_try_charge+0xd2/0x260
[  404.963660][T14024]  mem_cgroup_try_charge_delay+0x3a/0x80
[  404.969313][T14024]  __handle_mm_fault+0x197f/0x2e00
[  404.974465][T14024]  handle_mm_fault+0x21b/0x530
[  404.979256][T14024]  __get_user_pages+0x485/0x1130
[  404.984232][T14024]  populate_vma_page_range+0xe6/0x100
[  404.989626][T14024]  __mm_populate+0x168/0x2a0
[  404.994277][T14024]  __x64_sys_mlockall+0x2e3/0x320
[  404.999325][T14024]  do_syscall_64+0xcc/0x3a0
[  405.003850][T14024]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  405.009761][T14024] RIP: 0033:0x45c449
[  405.013674][T14024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  405.033322][T14024] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
09:23:57 executing program 0:

09:23:57 executing program 0:

[  405.041893][T14024] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  405.049889][T14024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  405.057942][T14024] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[  405.065925][T14024] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  405.073903][T14024] R13: 0000000000000736 R14: 00000000004c9b56 R15: 000000000076bf2c
[  405.085640][T14020] EXT4-fs (loop3): get root inode failed
[  405.086578][T14024] memory: usage 307200kB, limit 307200kB, failcnt 1443
[  405.096175][T14020] EXT4-fs (loop3): mount failed
[  405.098740][T14024] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  405.111308][T14024] Memory cgroup stats for /syz4:
[  405.111457][T14024] anon 309354496
[  405.111457][T14024] file 114688
[  405.111457][T14024] kernel_stack 442368
[  405.111457][T14024] slab 794624
[  405.111457][T14024] sock 0
[  405.111457][T14024] shmem 0
[  405.111457][T14024] file_mapped 0
[  405.111457][T14024] file_dirty 0
[  405.111457][T14024] file_writeback 0
[  405.111457][T14024] anon_thp 272629760
[  405.111457][T14024] inactive_anon 263413760
[  405.111457][T14024] active_anon 7434240
[  405.111457][T14024] inactive_file 0
[  405.111457][T14024] active_file 0
[  405.111457][T14024] unevictable 38420480
[  405.111457][T14024] slab_reclaimable 135168
[  405.111457][T14024] slab_unreclaimable 659456
[  405.111457][T14024] pgfault 72963
[  405.111457][T14024] pgmajfault 0
[  405.111457][T14024] workingset_refault 0
[  405.111457][T14024] workingset_activate 0
[  405.111457][T14024] workingset_nodereclaim 0
[  405.111457][T14024] pgrefill 0
[  405.111457][T14024] pgscan 33
[  405.111457][T14024] pgsteal 0
[  405.111457][T14024] pgactivate 0
[  405.209524][T14024] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13997,uid=0
[  405.225613][T14024] Memory cgroup out of memory: Killed process 13997 (syz-executor.4) total-vm:74836kB, anon-rss:18264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
09:23:57 executing program 0:

[  405.249664][  T696] oom_reaper: reaped process 13997 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
09:23:57 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6900)
ftruncate(r1, 0x80)
lseek(r1, 0x101, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x8400fffffffa)
open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0)
sendfile(r1, r5, 0x0, 0xffffffff)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000300)={0x0, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}}, 0x108)

[  405.424677][   T43] attempt to access beyond end of device
[  405.447849][   T43] loop2: rw=1, want=78, limit=63
[  405.458431][   T43] attempt to access beyond end of device
[  405.486127][   T43] loop2: rw=1, want=79, limit=63
[  405.496823][   T43] attempt to access beyond end of device
[  405.537764][   T43] loop2: rw=1, want=80, limit=63
[  405.542779][   T43] attempt to access beyond end of device
[  405.549662][   T43] loop2: rw=1, want=81, limit=63
[  405.554636][   T43] attempt to access beyond end of device
[  405.561434][   T43] loop2: rw=1, want=130, limit=63
[  405.566484][   T43] attempt to access beyond end of device
[  405.573018][   T43] loop2: rw=1, want=131, limit=63
[  405.578326][   T43] attempt to access beyond end of device
[  405.583963][   T43] loop2: rw=1, want=132, limit=63
[  405.589317][   T43] attempt to access beyond end of device
[  405.594980][   T43] loop2: rw=1, want=133, limit=63
[  405.599759][T14024] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  405.600493][   T43] attempt to access beyond end of device
[  405.612680][T14024] CPU: 1 PID: 14024 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0
[  405.616419][   T43] loop2: rw=1, want=142, limit=63
[  405.624579][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  405.624585][T14024] Call Trace:
[  405.624669][T14024]  dump_stack+0x11d/0x181
[  405.624696][T14024]  dump_header+0xaa/0x39c
[  405.624722][T14024]  oom_kill_process.cold+0x10/0x15
[  405.624749][T14024]  out_of_memory+0x231/0xa60
[  405.630212][   T43] attempt to access beyond end of device
[  405.639836][T14024]  mem_cgroup_out_of_memory+0x128/0x150
[  405.639868][T14024]  try_charge+0xb6c/0xbf0
[  405.643789][   T43] loop2: rw=1, want=143, limit=63
[  405.647584][T14024]  mem_cgroup_try_charge+0xd2/0x260
[  405.652183][   T43] attempt to access beyond end of device
[  405.657041][T14024]  mem_cgroup_try_charge_delay+0x3a/0x80
[  405.657073][T14024]  __handle_mm_fault+0x197f/0x2e00
[  405.662119][   T43] loop2: rw=1, want=144, limit=63
[  405.667526][T14024]  handle_mm_fault+0x21b/0x530
[  405.673449][   T43] attempt to access beyond end of device
[  405.677323][T14024]  __get_user_pages+0x485/0x1130
[  405.682760][   T43] loop2: rw=1, want=145, limit=63
[  405.687567][T14024]  populate_vma_page_range+0xe6/0x100
[  405.697786][   T43] attempt to access beyond end of device
[  405.698864][T14024]  __mm_populate+0x168/0x2a0
[  405.703948][   T43] loop2: rw=1, want=2329, limit=63
[  405.709634][   T43] attempt to access beyond end of device
[  405.713974][T14024]  __x64_sys_mremap+0x5df/0x750
[  405.719521][   T43] loop2: rw=1, want=4296, limit=63
[  405.724485][T14024]  do_syscall_64+0xcc/0x3a0
[  405.724516][T14024]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  405.776272][T14024] RIP: 0033:0x45c449
[  405.780196][T14024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  405.799827][T14024] RSP: 002b:00007fe39e030c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  405.808364][T14024] RAX: ffffffffffffffda RBX: 00007fe39e0316d4 RCX: 000000000045c449
[  405.816354][T14024] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000
[  405.824349][T14024] RBP: 000000000076bf20 R08: 0000000020130000 R09: 0000000000000000
[  405.832396][T14024] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000ffffffff
[  405.840473][T14024] R13: 000000000000075f R14: 00000000004c9d6c R15: 000000000076bf2c
[  405.854017][T14024] memory: usage 307080kB, limit 307200kB, failcnt 1456
[  405.860944][T14024] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  405.870706][T14024] Memory cgroup stats for /syz4:
[  405.870866][T14024] anon 309059584
[  405.870866][T14024] file 114688
[  405.870866][T14024] kernel_stack 442368
[  405.870866][T14024] slab 794624
[  405.870866][T14024] sock 0
[  405.870866][T14024] shmem 0
[  405.870866][T14024] file_mapped 0
[  405.870866][T14024] file_dirty 0
[  405.870866][T14024] file_writeback 0
[  405.870866][T14024] anon_thp 272629760
[  405.870866][T14024] inactive_anon 256278528
[  405.870866][T14024] active_anon 7434240
[  405.870866][T14024] inactive_file 0
[  405.870866][T14024] active_file 0
[  405.870866][T14024] unevictable 45445120
[  405.870866][T14024] slab_reclaimable 135168
[  405.870866][T14024] slab_unreclaimable 659456
[  405.870866][T14024] pgfault 74184
[  405.870866][T14024] pgmajfault 0
[  405.870866][T14024] workingset_refault 0
[  405.870866][T14024] workingset_activate 0
[  405.870866][T14024] workingset_nodereclaim 0
[  405.870866][T14024] pgrefill 0
[  405.870866][T14024] pgscan 33
[  405.870866][T14024] pgsteal 0
[  405.870866][T14024] pgactivate 0
[  405.970555][T14024] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14022,uid=0
[  405.986337][T14024] Memory cgroup out of memory: Killed process 14022 (syz-executor.4) total-vm:74828kB, anon-rss:12424kB, file-rss:55528kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  406.006949][  T696] oom_reaper: reaped process 14022 (syz-executor.4), now anon-rss:12620kB, file-rss:56420kB, shmem-rss:0kB
[  406.060511][   T27] audit: type=1804 audit(1582277038.164:283): pid=14045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/159/file0/bus" dev="loop2" ino=66 res=1
[  406.113954][T14048] ==================================================================
[  406.122098][T14048] BUG: KCSAN: data-race in generic_file_read_iter / generic_file_read_iter
[  406.130680][T14048] 
[  406.133028][T14048] write to 0xffff8880859f5ab0 of 8 bytes by task 14045 on cpu 1:
[  406.140759][T14048]  generic_file_read_iter+0xaf8/0x1440
[  406.146226][T14048]  generic_file_splice_read+0x35c/0x500
[  406.151777][T14048]  do_splice_to+0xf2/0x130
[  406.156211][T14048]  splice_direct_to_actor+0x1b6/0x540
[  406.161603][T14048]  do_splice_direct+0x161/0x1e0
[  406.166465][T14048]  do_sendfile+0x384/0x7f0
[  406.170891][T14048]  __x64_sys_sendfile64+0x12a/0x140
[  406.176102][T14048]  do_syscall_64+0xcc/0x3a0
[  406.180613][T14048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  406.186494][T14048] 
[  406.188825][T14048] read to 0xffff8880859f5ab0 of 8 bytes by task 14048 on cpu 0:
[  406.196452][T14048]  generic_file_read_iter+0x360/0x1440
[  406.201910][T14048]  generic_file_splice_read+0x35c/0x500
[  406.208344][T14048]  do_splice_to+0xf2/0x130
[  406.212764][T14048]  splice_direct_to_actor+0x1b6/0x540
[  406.218146][T14048]  do_splice_direct+0x161/0x1e0
[  406.223005][T14048]  do_sendfile+0x384/0x7f0
[  406.227429][T14048]  __x64_sys_sendfile64+0x12a/0x140
[  406.232641][T14048]  do_syscall_64+0xcc/0x3a0
[  406.237155][T14048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  406.243039][T14048] 
[  406.245358][T14048] Reported by Kernel Concurrency Sanitizer on:
[  406.251624][T14048] CPU: 0 PID: 14048 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0
[  406.260289][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  406.270341][T14048] ==================================================================
[  406.278429][T14048] Kernel panic - not syncing: panic_on_warn set ...
[  406.285034][T14048] CPU: 0 PID: 14048 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0
[  406.293697][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  406.303856][T14048] Call Trace:
[  406.307169][T14048]  dump_stack+0x11d/0x181
[  406.311515][T14048]  panic+0x210/0x640
[  406.315434][T14048]  ? vprintk_func+0x8d/0x140
[  406.320046][T14048]  kcsan_report.cold+0xc/0x1a
[  406.325018][T14048]  kcsan_setup_watchpoint+0x3a3/0x3e0
[  406.327905][   T27] audit: type=1804 audit(1582277038.214:284): pid=14048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir044562104/syzkaller.8qHxhe/159/file0/bus" dev="loop2" ino=66 res=1
[  406.330420][T14048]  __tsan_read8+0xc6/0x100
[  406.360074][T14048]  generic_file_read_iter+0x360/0x1440
[  406.365573][T14048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  406.371845][T14048]  ? iov_iter_pipe+0xfa/0x120
[  406.376543][T14048]  generic_file_splice_read+0x35c/0x500
[  406.382122][T14048]  do_splice_to+0xf2/0x130
[  406.386547][T14048]  ? add_to_pipe+0x1c0/0x1c0
[  406.391141][T14048]  ? add_to_pipe+0x1c0/0x1c0
[  406.395762][T14048]  splice_direct_to_actor+0x1b6/0x540
[  406.401147][T14048]  ? generic_pipe_buf_nosteal+0x20/0x20
[  406.406717][T14048]  do_splice_direct+0x161/0x1e0
[  406.411595][T14048]  do_sendfile+0x384/0x7f0
[  406.416053][T14048]  __x64_sys_sendfile64+0x12a/0x140
[  406.421295][T14048]  do_syscall_64+0xcc/0x3a0
[  406.425926][T14048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  406.431827][T14048] RIP: 0033:0x45c449
[  406.435738][T14048] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  406.455349][T14048] RSP: 002b:00007f3fe9706c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  406.463771][T14048] RAX: ffffffffffffffda RBX: 00007f3fe97076d4 RCX: 000000000045c449
[  406.471752][T14048] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004
[  406.479731][T14048] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[  406.487819][T14048] R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000ffffffff
[  406.495889][T14048] R13: 00000000000008d0 R14: 00000000004cb335 R15: 000000000076bfcc
[  406.505302][T14048] Kernel Offset: disabled
[  406.509746][T14048] Rebooting in 86400 seconds..