[info] Using makefile-style concurrent boot in runlevel 2. [ 26.546780] audit: type=1800 audit(1545647232.589:21): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.586820] sshd (5993) used greatest stack depth: 15728 bytes left Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts. 2018/12/24 10:27:24 fuzzer started 2018/12/24 10:27:26 dialing manager at 10.128.0.26:34681 [ 40.624880] ld (6018) used greatest stack depth: 15200 bytes left 2018/12/24 10:27:26 syscalls: 1 2018/12/24 10:27:26 code coverage: enabled 2018/12/24 10:27:26 comparison tracing: enabled 2018/12/24 10:27:26 setuid sandbox: enabled 2018/12/24 10:27:26 namespace sandbox: enabled 2018/12/24 10:27:26 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 10:27:26 fault injection: enabled 2018/12/24 10:27:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 10:27:26 net packet injection: enabled 2018/12/24 10:27:26 net device setup: enabled 10:29:43 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0x102, 0x1, 0x0, 0x0, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400, 0x0, 0x1}, 0x20) [ 177.831828] IPVS: ftp: loaded support on port[0] = 21 10:29:44 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r0) write$P9_RSTATu(r2, 0x0, 0x0) epoll_create1(0x0) pipe(&(0x7f0000000180)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) [ 178.064034] IPVS: ftp: loaded support on port[0] = 21 10:29:44 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0xc0045c78) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x5, 0x5}, 0x6}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000003c0)={&(0x7f000066b000/0x1000)=nil, 0x1000}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) userfaultfd(0x80000) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) close(0xffffffffffffffff) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) [ 178.431477] IPVS: ftp: loaded support on port[0] = 21 10:29:44 executing program 3: r0 = accept(0xffffffffffffff9c, 0x0, 0x0) ioctl$int_out(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x5c832, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @dev}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xfffffc8f) splice(r1, 0x0, r4, 0x0, 0x100000000000a, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000001c0)=0x4, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={0x0, 0xfa1e, 0x0, 0x5, 0x80000000}, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 178.870858] IPVS: ftp: loaded support on port[0] = 21 10:29:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) syz_open_procfs(0x0, &(0x7f0000000300)='net/sockstat\x00\x03aN\x06S\x1c\x13x\xe1\x83\x86\xcaG\xeb\x84!+\xbai\xffbbO5-\x0eF\xbd7\xdc\x1f\xe6\xf4$q \x96cKH`\xca\xf5\x14{dF\xcf\xc4\x8d{\xbft\xb6\x11(\x8b\v\xa0\xbc\x9ak\xbf\xad1\x9d\xc0\xd2\x11W\xf9G\b!\xd4\xcbq\x8d\x9d\xf5\xd3\x12\xe6\x82}U\x8a\t\xd8\xc0\x87s\x02q\xe4\xe07h\xca?\x1d\x00\xe9\xe4\xf3h\x96@i q&\x0e?\x1a>\x9a\xd3\xec\x84=:sK\xe2Qnj\xdc\xb5\x00\xd9\xd5\x9d\xd4\x8d\xd1O\xf68\xees\xd4;d\xa4\xfd\xea-\x8e\xa5\xb4O\xd4\xe9\xfd\xc0 ~\xd92k\xf6\x18\xab:c\xab\xe3\a\xf6\x04?\xc67\xcf\xda4\aN\xcd\r\a\bZ\xf35\x8b\x82\x92\xf7') close(r1) [ 179.209342] IPVS: ftp: loaded support on port[0] = 21 10:29:45 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000000)=""/123) [ 179.677109] IPVS: ftp: loaded support on port[0] = 21 [ 179.825395] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.835070] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.843147] device bridge_slave_0 entered promiscuous mode [ 179.923876] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.943656] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.968777] device bridge_slave_1 entered promiscuous mode [ 180.161461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.298106] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.305285] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.313178] device bridge_slave_0 entered promiscuous mode [ 180.344241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.472746] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.490628] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.498236] device bridge_slave_1 entered promiscuous mode [ 180.609669] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.653005] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.679862] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.687351] device bridge_slave_0 entered promiscuous mode [ 180.749721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.826738] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.849214] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.856855] device bridge_slave_1 entered promiscuous mode [ 180.908440] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.009187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.031691] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.127305] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.140304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.179912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.186888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.255723] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.267991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.287013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.438242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.449419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.520803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.530027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.564871] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.585211] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.612479] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.635728] device bridge_slave_0 entered promiscuous mode [ 181.661416] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.695964] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.725925] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.741029] device bridge_slave_0 entered promiscuous mode [ 181.761383] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.767823] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.788529] device bridge_slave_1 entered promiscuous mode [ 181.801352] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.838036] team0: Port device team_slave_0 added [ 181.865999] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.872513] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.890281] device bridge_slave_1 entered promiscuous mode [ 181.901259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.952619] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.969998] team0: Port device team_slave_0 added [ 182.023628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.075404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.083640] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.093818] team0: Port device team_slave_1 added [ 182.149468] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.156879] team0: Port device team_slave_1 added [ 182.193292] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.207858] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.221692] device bridge_slave_0 entered promiscuous mode [ 182.252587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.267502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.299907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.308261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.364080] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.370646] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.377559] device bridge_slave_1 entered promiscuous mode [ 182.386541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.396548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.414570] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.431136] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.448481] team0: Port device team_slave_0 added [ 182.456938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.469909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.498391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.512856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.523741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.534747] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.547988] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.572398] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.583112] team0: Port device team_slave_1 added [ 182.590043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.615563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.653191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.673128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.687415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.703788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.720200] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.739518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.747100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.780106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.802376] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.834470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.850041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.871963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.885700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.899909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.926563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.937725] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.030068] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.037506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.049784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.095019] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.126283] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.171143] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.179697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.216333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.252293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.285119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.295640] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.336674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.359654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.412179] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.429237] team0: Port device team_slave_0 added [ 183.444803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.471185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.564064] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.579969] team0: Port device team_slave_1 added [ 183.608715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.630103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.694009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.701017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.708889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.752409] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.760171] team0: Port device team_slave_0 added [ 183.789545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.913997] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.927953] team0: Port device team_slave_1 added [ 183.940029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.948038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.958844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.092445] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.106331] team0: Port device team_slave_0 added [ 184.118524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.129787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.149910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.190250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.268260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.280469] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.287893] team0: Port device team_slave_1 added [ 184.331718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.339678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.349879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.392844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.438106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.470534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.489286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.501975] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.508455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.515530] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.521925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.552034] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.579092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.587087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.633405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.651858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.661860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.703758] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.710243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.716937] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.723376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.736790] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.751733] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.758138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.764858] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.771350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.790374] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.799772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.808813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.839286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.970719] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.977873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.995027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.277510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.296086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.313353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.879084] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.885521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.892288] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.899297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.931324] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.950532] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.956905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.963622] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.970057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.978656] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.299802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.307104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.488509] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.494984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.501795] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.508207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.542248] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.369721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.729225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.901394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.042204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.207571] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.413218] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.593185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.677561] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.686302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.701797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.926093] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.938739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.954356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.010636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.100112] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.106324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.117862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.167102] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.212490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.452432] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.559296] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.575320] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.602091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.684304] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.910464] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.916636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.939479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.053695] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.198505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.239209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.249777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.442015] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.576794] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.583426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.619540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.660848] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.010221] 8021q: adding VLAN 0 to HW filter on device team0 10:30:00 executing program 0: mknod$loop(0x0, 0x0, 0xffffffffffffffff) chmod(0x0, 0x20) r0 = open(0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x101) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_elf64(r0, 0x0, 0xfffffffffffffc71) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, 0x0) chmod(&(0x7f0000000dc0)='./file0\x00', 0x88) write$binfmt_elf64(r1, 0x0, 0x0) getpeername$unix(r0, &(0x7f00000019c0), 0x0) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000001b40)) [ 194.584275] hrtimer: interrupt took 35486 ns 10:30:00 executing program 0: r0 = socket$inet6(0x10, 0x1000000000000003, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) setrlimit(0x0, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="550000001e007f5300fe01b2a4a20006000000a8430891000000080009000a000c0000dc9b131338090000009b84136ef75afb83de448daa7227c43ab8221000060cec4fab91d40000000000000000000000009535", 0x55}], 0x1}, 0x0) [ 194.642438] kauditd_printk_skb: 9 callbacks suppressed [ 194.642451] audit: type=1800 audit(1545647400.689:31): pid=7519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor2" name="file0" dev="sda1" ino=16528 res=0 [ 194.868255] netlink: 33 bytes leftover after parsing attributes in process `syz-executor0'. [ 194.882782] netlink: 33 bytes leftover after parsing attributes in process `syz-executor0'. 10:30:00 executing program 1: semget$private(0x0, 0x7, 0x0) 10:30:01 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0xc0045c78) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x5, 0x5}, 0x6}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000003c0)={&(0x7f000066b000/0x1000)=nil, 0x1000}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) userfaultfd(0x80000) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) close(0xffffffffffffffff) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 10:30:01 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x930xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, 0x0, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x1, &(0x7f0000000240)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000280)) 10:30:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x44000) io_setup(0x7, &(0x7f0000000040)=0x0) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141442, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x200000f, 0x11, r3, 0x0) truncate(&(0x7f0000000140)='./bus\x00', 0x10000d9) recvmmsg(0xffffffffffffffff, &(0x7f0000004300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:02 executing program 1: msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/152) 10:30:02 executing program 2: syz_emit_ethernet(0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6093a74500100000fe800000000000000000000000005698995062a89700aaff0200000000000000000000000000010000cea0d5c20000c9"], 0x0) 10:30:02 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) close(r0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000040), &(0x7f00000000c0)=0x10) 10:30:02 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ion\x00', 0x0, 0x0) 10:30:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x2}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) 10:30:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite6\x00') dup2(0xffffffffffffffff, 0xffffffffffffffff) sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) keyctl$setperm(0x5, 0x0, 0x0) 10:30:02 executing program 1: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file1\x00') write$FUSE_ENTRY(r0, 0x0, 0x0) 10:30:02 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000180)) 10:30:02 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, 0x0) 10:30:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) write$smack_current(r0, 0x0, 0x0) 10:30:02 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) write$FUSE_ATTR(r1, &(0x7f0000000300)={0x78}, 0x78) [ 196.262956] Unknown ioctl -1069018509 10:30:02 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) close(r0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) write$P9_RSETATTR(r0, &(0x7f00000000c0)={0x7}, 0x7) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x6, 0x4) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) 10:30:02 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) r1 = dup(r0) read(r1, 0x0, 0x33) setsockopt$inet_opts(r1, 0x0, 0x0, &(0x7f0000000000)="7483bc5640da", 0x6) 10:30:02 executing program 4: r0 = socket$kcm(0xa, 0x522000000003, 0x11) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x6}, 0x20) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000300), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/103, 0x67}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x2a, &(0x7f0000000000), 0x1}, 0x0) 10:30:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite6\x00') dup2(0xffffffffffffffff, 0xffffffffffffffff) sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) keyctl$setperm(0x5, 0x0, 0x0) [ 196.424983] syz-executor3 (7636) used greatest stack depth: 10888 bytes left 10:30:02 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ffffd, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 10:30:02 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) write$FUSE_ATTR(r1, &(0x7f0000000300)={0x78}, 0x78) 10:30:02 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) [ 196.633146] bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0 [ 196.660814] bond0: lo is up - this may be due to an out of date ifenslave [ 196.680218] bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0 [ 196.717953] bond0: lo is up - this may be due to an out of date ifenslave 10:30:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xffffffffffffff5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:02 executing program 2: recvmmsg(0xffffffffffffff9c, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000000f80)=""/197, 0xc5}], 0x1, 0x0, 0x0, 0x7fffffff}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x0) 10:30:02 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00') mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x8) pipe2(0x0, 0x0) getuid() getuid() mount$9p_tcp(0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() mkdirat(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ptrace$setsig(0x4203, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001640)={0xffffffffffffffff}) timer_create(0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000140)=""/73, 0x49}], 0x1}}], 0x1, 0x0, 0x0) inotify_init1(0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) 10:30:02 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:02 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) write$FUSE_ATTR(r1, &(0x7f0000000300)={0x78}, 0x78) 10:30:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0x2, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00'}) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) read(r1, &(0x7f0000004d00)=""/4096, 0xfffffe91) rt_sigtimedwait(&(0x7f0000000100), 0x0, 0x0, 0x8) write$uinput_user_dev(r1, &(0x7f0000000880)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 196.962344] bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0 [ 196.975470] bond0: lo is up - this may be due to an out of date ifenslave [ 197.079902] input: syz1 as /devices/virtual/input/input5 [ 197.143802] input: syz1 as /devices/virtual/input/input6 10:30:03 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:03 executing program 0: r0 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x0) keyctl$set_timeout(0xf, r0, 0x0) 10:30:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) write$FUSE_ATTR(r1, &(0x7f0000000300)={0x78}, 0x78) 10:30:03 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x20) write$binfmt_elf64(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="7f45cf9d75d1f28bf69d4e3b4c46ba1e7346e4a0efa21e6d6701afc900001600000000000000000000000080000000000000004070f331d4561f1a9100000000000038000000000000001f7fe446002d4373e523cdea3000000000000000000000000000000000000000000000000000000000000000008673adc6a19ec88953cd17237cf6fcb9f47b77a0ab020987a4273accf22b33aae49391f96fbf000000000000000093a35ecfa07db0da344762f46fdbf84551974cef4c8870f61e77e85504093ae62741fb90a00f0ce5cf5ae4079f0b213b06e3d6c8e4ab4f7e622d69222592f932e1f6463a93556a63572bfbb0c38818fbd8a974aa0b465399a9e759dd63a7e6c65087d4b1a3e6af"], 0x10c) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc) quotactl(0x1, 0x0, 0x0, 0x0) readahead(r4, 0x9, 0x7ff) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000580)=""/200) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) r6 = dup(r2) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000000440)="5892305743a274813f82526eb10ed31c1fe482a6eb9bdfc2e40033bc101741dcbff8ce94e527bf054013d9fb94c49910693d585f92c5c4f6bc57b599e2ea400bac11d2197398e7a6ccbbe9cb2313f2df8e5dcb0caae4d2a7c190396c4788b95bc6db965fb1c9255368a8bea5f81ad0255568fe809b46c734e49cbc34470137b66aea737a8f315c8c2cf199f70fb42718199f9f26dc0f517745c0254b1314fdd02bb674d2ac690e9d92eddf0f65eb411aa43ef70b4bbade47f7f120ec99ad638a3b75ac63f72c92a676990c574fac16b481", 0xd1, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000080)=0x5) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0xeb2, @loopback}, 0x1c) r7 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000001300)={0x0, 0x0}) ppoll(&(0x7f00000012c0)=[{r6, 0x2}], 0x1, &(0x7f0000001340)={0x0, r8+10000000}, &(0x7f0000001380), 0x8) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) 10:30:03 executing program 2: syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_tables_targets\x00') 10:30:03 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) [ 197.294606] bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0 [ 197.342928] bond0: lo is up - this may be due to an out of date ifenslave 10:30:03 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x6, 0x0) write$binfmt_aout(r0, 0x0, 0x0) 10:30:03 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:03 executing program 0: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x269, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20420}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr(r1, &(0x7f00000010c0)=ANY=[@ANYBLOB="4d6dc3c7aa3fa1c234b06216348255c7d12936a34b0d85f8fe41e87a6f590d0482da26a4a5d2ea8b18541d4cb25d8a6054b025d9ce900d6edac0d862fba56d4c64775526ddbe6128133efb0746d4553db0c613d576e39b11cfbf4150f00167b558a858c381545e4ec28bd4afc4884549f9524327cbcd190743a65b35e6cff39113bfe0e1fbd50a00566088b7234b94d753fd730f0ade68585f1a6cdc08f31e89210a72f0ca0389e03895c1aeeca43b1e0d59136695e0e1ec", @ANYRES32=r2, @ANYRESDEC, @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYRES64=r0]], 0x0, 0x0, 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) link(0x0, 0x0) unlink(0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x101000, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x8001}) tkill(0x0, 0x0) [ 197.394253] audit: type=1804 audit(1545647403.439:33): pid=7729 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/6/bus" dev="sda1" ino=16539 res=1 10:30:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) 10:30:03 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 10:30:03 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) [ 197.553779] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 197.607575] bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0 [ 197.619180] audit: type=1804 audit(1545647403.649:34): pid=7742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/6/bus" dev="sda1" ino=16539 res=1 [ 197.629183] bond0: lo is up - this may be due to an out of date ifenslave 10:30:03 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xa, &(0x7f0000000640)=ANY=[@ANYBLOB="bf1600000000000085100000050000003c00000000000000bf610000000000008510000002000000bf0100000000000095000000000000001501000000000000b7000000000000009500000000000000"], 0x0}, 0x48) close(r0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'vlan0\x00', &(0x7f00000002c0)=@ethtool_gstrings={0x1b, 0x6f9b, 0xe, "1e9f38f9fd3f323c43bce499006d"}}) 10:30:03 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) [ 198.096075] audit: type=1804 audit(1545647404.139:35): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/6/bus" dev="sda1" ino=16539 res=1 [ 198.120026] audit: type=1804 audit(1545647404.149:36): pid=7784 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/6/bus" dev="sda1" ino=16539 res=1 [ 198.143528] audit: type=1804 audit(1545647404.149:37): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/6/bus" dev="sda1" ino=16539 res=1 10:30:04 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x20) write$binfmt_elf64(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="7f45cf9d75d1f28bf69d4e3b4c46ba1e7346e4a0efa21e6d6701afc900001600000000000000000000000080000000000000004070f331d4561f1a9100000000000038000000000000001f7fe446002d4373e523cdea3000000000000000000000000000000000000000000000000000000000000000008673adc6a19ec88953cd17237cf6fcb9f47b77a0ab020987a4273accf22b33aae49391f96fbf000000000000000093a35ecfa07db0da344762f46fdbf84551974cef4c8870f61e77e85504093ae62741fb90a00f0ce5cf5ae4079f0b213b06e3d6c8e4ab4f7e622d69222592f932e1f6463a93556a63572bfbb0c38818fbd8a974aa0b465399a9e759dd63a7e6c65087d4b1a3e6af"], 0x10c) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc) quotactl(0x1, 0x0, 0x0, 0x0) readahead(r4, 0x9, 0x7ff) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000580)=""/200) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) r6 = dup(r2) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000000440)="5892305743a274813f82526eb10ed31c1fe482a6eb9bdfc2e40033bc101741dcbff8ce94e527bf054013d9fb94c49910693d585f92c5c4f6bc57b599e2ea400bac11d2197398e7a6ccbbe9cb2313f2df8e5dcb0caae4d2a7c190396c4788b95bc6db965fb1c9255368a8bea5f81ad0255568fe809b46c734e49cbc34470137b66aea737a8f315c8c2cf199f70fb42718199f9f26dc0f517745c0254b1314fdd02bb674d2ac690e9d92eddf0f65eb411aa43ef70b4bbade47f7f120ec99ad638a3b75ac63f72c92a676990c574fac16b481", 0xd1, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000080)=0x5) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0xeb2, @loopback}, 0x1c) r7 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000001300)={0x0, 0x0}) ppoll(&(0x7f00000012c0)=[{r6, 0x2}], 0x1, &(0x7f0000001340)={0x0, r8+10000000}, &(0x7f0000001380), 0x8) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) 10:30:04 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) dup(r0) 10:30:04 executing program 2: r0 = socket$inet(0x10, 0x2, 0x0) munlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) close(r0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) getrandom(0x0, 0x0, 0x0) msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) uname(0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0xfffffffffffffc50) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001740)) 10:30:04 executing program 3: ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:04 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:04 executing program 0: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x80a010, 0x0) 10:30:04 executing program 3: ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:04 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:04 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x20) write$binfmt_elf64(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="7f45cf9d75d1f28bf69d4e3b4c46ba1e7346e4a0efa21e6d6701afc900001600000000000000000000000080000000000000004070f331d4561f1a9100000000000038000000000000001f7fe446002d4373e523cdea3000000000000000000000000000000000000000000000000000000000000000008673adc6a19ec88953cd17237cf6fcb9f47b77a0ab020987a4273accf22b33aae49391f96fbf000000000000000093a35ecfa07db0da344762f46fdbf84551974cef4c8870f61e77e85504093ae62741fb90a00f0ce5cf5ae4079f0b213b06e3d6c8e4ab4f7e622d69222592f932e1f6463a93556a63572bfbb0c38818fbd8a974aa0b465399a9e759dd63a7e6c65087d4b1a3e6af"], 0x10c) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc) quotactl(0x1, 0x0, 0x0, 0x0) readahead(r4, 0x9, 0x7ff) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000580)=""/200) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) r6 = dup(r2) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000000440)="5892305743a274813f82526eb10ed31c1fe482a6eb9bdfc2e40033bc101741dcbff8ce94e527bf054013d9fb94c49910693d585f92c5c4f6bc57b599e2ea400bac11d2197398e7a6ccbbe9cb2313f2df8e5dcb0caae4d2a7c190396c4788b95bc6db965fb1c9255368a8bea5f81ad0255568fe809b46c734e49cbc34470137b66aea737a8f315c8c2cf199f70fb42718199f9f26dc0f517745c0254b1314fdd02bb674d2ac690e9d92eddf0f65eb411aa43ef70b4bbade47f7f120ec99ad638a3b75ac63f72c92a676990c574fac16b481", 0xd1, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000080)=0x5) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0xeb2, @loopback}, 0x1c) r7 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000001300)={0x0, 0x0}) ppoll(&(0x7f00000012c0)=[{r6, 0x2}], 0x1, &(0x7f0000001340)={0x0, r8+10000000}, &(0x7f0000001380), 0x8) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) [ 198.344435] audit: type=1804 audit(1545647404.389:38): pid=7803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/7/bus" dev="sda1" ino=16533 res=1 10:30:04 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x20) write$binfmt_elf64(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="7f45cf9d75d1f28bf69d4e3b4c46ba1e7346e4a0efa21e6d6701afc900001600000000000000000000000080000000000000004070f331d4561f1a9100000000000038000000000000001f7fe446002d4373e523cdea3000000000000000000000000000000000000000000000000000000000000000008673adc6a19ec88953cd17237cf6fcb9f47b77a0ab020987a4273accf22b33aae49391f96fbf000000000000000093a35ecfa07db0da344762f46fdbf84551974cef4c8870f61e77e85504093ae62741fb90a00f0ce5cf5ae4079f0b213b06e3d6c8e4ab4f7e622d69222592f932e1f6463a93556a63572bfbb0c38818fbd8a974aa0b465399a9e759dd63a7e6c65087d4b1a3e6af"], 0x10c) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc) quotactl(0x1, 0x0, 0x0, 0x0) readahead(r4, 0x9, 0x7ff) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000580)=""/200) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) r6 = dup(r2) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000000440)="5892305743a274813f82526eb10ed31c1fe482a6eb9bdfc2e40033bc101741dcbff8ce94e527bf054013d9fb94c49910693d585f92c5c4f6bc57b599e2ea400bac11d2197398e7a6ccbbe9cb2313f2df8e5dcb0caae4d2a7c190396c4788b95bc6db965fb1c9255368a8bea5f81ad0255568fe809b46c734e49cbc34470137b66aea737a8f315c8c2cf199f70fb42718199f9f26dc0f517745c0254b1314fdd02bb674d2ac690e9d92eddf0f65eb411aa43ef70b4bbade47f7f120ec99ad638a3b75ac63f72c92a676990c574fac16b481", 0xd1, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000080)=0x5) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0xeb2, @loopback}, 0x1c) r7 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000001300)={0x0, 0x0}) ppoll(&(0x7f00000012c0)=[{r6, 0x2}], 0x1, &(0x7f0000001340)={0x0, r8+10000000}, &(0x7f0000001380), 0x8) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) [ 198.476097] audit: type=1804 audit(1545647404.519:39): pid=7803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir206541791/syzkaller.I8RsTD/7/bus" dev="sda1" ino=16533 res=1 10:30:04 executing program 3: ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:04 executing program 5: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) [ 198.599808] audit: type=1804 audit(1545647404.599:40): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor2" name="/root/syzkaller-testdir147556257/syzkaller.E0g55U/11/bus" dev="sda1" ino=16556 res=1 [ 198.641290] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 198.757906] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:30:05 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f00000000c0)) 10:30:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:05 executing program 5: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:05 executing program 1: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:05 executing program 5: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:05 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/1}], 0x1000000000000027) 10:30:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:05 executing program 2: munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x41, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xae9d7d6f) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x10e84b}) write(r0, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x1b43d2d9) 10:30:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f0000000000)="fc0000001c00071bab092500090007000aab08000a00000000004c93210001c045000000000008000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00020000036c6c256f1a272fdf0d11512fd633d44000000000008934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc836a74dd238ffe77e2444ef92e0e5bba4a463ae4f5566f91cf1902252522646952d68cf295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd3110175e63fb8d38a873cf1587c3b410000000000000000000000", 0xfc) 10:30:05 executing program 5: r0 = syz_open_dev$sg(0x0, 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:05 executing program 1: socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:05 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:05 executing program 5: r0 = syz_open_dev$sg(0x0, 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f0000000000)="fc0000001c00071bab092500090007000aab08000a00000000004c93210001c045000000000008000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00020000036c6c256f1a272fdf0d11512fd633d44000000000008934d07302ade01720d3d5bbc91a3e2e80772c05defd5a32e280fc836a74dd238ffe77e2444ef92e0e5bba4a463ae4f5566f91cf1902252522646952d68cf295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a60467b4d57155870258a10000c880ac801fe4af3d0041f0d48f6f0000080548deac270e33429fd3110175e63fb8d38a873cf1587c3b410000000000000000000000", 0xfc) 10:30:05 executing program 3: socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:05 executing program 5: r0 = syz_open_dev$sg(0x0, 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:06 executing program 4: clone(0x210007d9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) futex(0x0, 0x400000085, 0x0, 0x0, 0x0, 0xfffffffffffffffd) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) 10:30:06 executing program 3: socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:06 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="2e0000001c008183ad5de087185082cf0124b0eba06ec400002339a00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) 10:30:06 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:06 executing program 2: 10:30:06 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f00000026c0)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) migrate_pages(0x0, 0x2, 0x0, &(0x7f0000000100)=0xdb51) 10:30:06 executing program 3: socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) [ 200.207146] futex_wake_op: syz-executor4 tries to shift op by -1; fix this program [ 200.246386] futex_wake_op: syz-executor4 tries to shift op by -1; fix this program 10:30:06 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:06 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:06 executing program 4: clone(0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="0b721244e302cdd611cddb8eaa9fd7d5789ed9b19a136f93ebec4feca0a26fa0479c326e43569ee46c674d652e4e8867921864d370fcacdfadbc09ce0c67c1ff5da8ccee2e4f26afd3b1bcb37417712b9b0f9f5bc628e3f093ba40be554ad8d17dfad0b50b4a1c") r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x80, 0x0) ioctl$TIOCEXCL(r0, 0x540c) r1 = fcntl$getown(r0, 0x9) wait4(r1, 0x0, 0x40000008, &(0x7f00000001c0)) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000280)=0x8) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000440)={0x0, 0x2710}, 0x10) 10:30:06 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:06 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x47, 0x40000000006, 0x6}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r0, &(0x7f0000000240), 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r0, &(0x7f0000000040)="787ed67e6a029b02e60f76d3ffc9ff1f32b7f108b214ae7abfb3cde6dd8ab9514977448ca6de3eaed1c56da43debdccab52252a8bf870e8954201b2000dc4e0521784232eacb1e9e2b9b13d2de8dc329f473e696dcb942d022617b0cf294a1f7680a89f61a14749dcdf805a32e9e856a4bc512468da18dea41a4951ab8f00c368ed222cee34b19eaf6fc65bf10f4212b2280c679f94b6fc167e06c0643dd04bbe2a580adec2f3002fb3cdc95e5864a419ddee913e31ac3536e83f6c6e50f5396e0bb38a7239bce7be884bdd555c60bd1912a7c3484cee6dc283bfe6e7d0d765c48a6d88b1f1e6a1efd9fe4657051", 0x0}, 0x18) 10:30:06 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:06 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x40802, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4006}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000140)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f0000000080), 0xfdef) 10:30:06 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:06 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000000)={'bond0\x00[\x01\x00\x00\x00\r\x00\x00\x00@', @ifru_names='lo\x00\x06\x06\x00\x00\x00l\x00`\x00\x03\a!\x00'}) 10:30:06 executing program 5: syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) [ 200.700494] device nr0 entered promiscuous mode 10:30:07 executing program 2: 10:30:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, 0x0) 10:30:07 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:07 executing program 5: syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:07 executing program 0: 10:30:07 executing program 4: 10:30:07 executing program 2: 10:30:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, 0x0) 10:30:07 executing program 5: syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a60"], 0x58) 10:30:07 executing program 0: 10:30:07 executing program 4: 10:30:07 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, 0x0, 0x0) 10:30:07 executing program 2: 10:30:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x100000000000003, 0x84) ioctl$sock_ifreq(r0, 0x8990, 0x0) 10:30:08 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB]}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:08 executing program 0: 10:30:08 executing program 2: 10:30:08 executing program 4: 10:30:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, 0x0, 0x0) 10:30:08 executing program 3: 10:30:08 executing program 4: 10:30:08 executing program 2: 10:30:08 executing program 3: 10:30:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, 0x0, 0x0) 10:30:08 executing program 0: 10:30:08 executing program 4: 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000001000000"], 0xc}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 2: 10:30:09 executing program 3: 10:30:09 executing program 0: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[], 0x0) 10:30:09 executing program 4: 10:30:09 executing program 0: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[], 0x0) 10:30:09 executing program 3: 10:30:09 executing program 2: 10:30:09 executing program 4: 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000001000000"], 0xc}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 0: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[], 0x0) 10:30:09 executing program 3: 10:30:09 executing program 4: 10:30:09 executing program 2: 10:30:09 executing program 0: 10:30:09 executing program 3: 10:30:09 executing program 4: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0) 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000001000000"], 0xc}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 2: 10:30:09 executing program 4: 10:30:09 executing program 0: 10:30:09 executing program 2: 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661"], 0x12}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0) 10:30:09 executing program 3: 10:30:09 executing program 4: 10:30:09 executing program 2: 10:30:09 executing program 0: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0) 10:30:09 executing program 3: 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661"], 0x12}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 0: 10:30:09 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661"], 0x12}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:09 executing program 2: 10:30:09 executing program 3: 10:30:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000"], 0x2c) 10:30:09 executing program 4: 10:30:10 executing program 3: 10:30:10 executing program 0: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b"], 0x15}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000"], 0x2c) 10:30:10 executing program 4: 10:30:10 executing program 0: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b"], 0x15}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:10 executing program 2: 10:30:10 executing program 3: 10:30:10 executing program 4: 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000"], 0x2c) 10:30:10 executing program 0: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b"], 0x15}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:10 executing program 2: 10:30:10 executing program 3: 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa201684"], 0x42) 10:30:10 executing program 0: 10:30:10 executing program 4: 10:30:10 executing program 3: 10:30:10 executing program 2: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548"], 0x17}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:10 executing program 0: 10:30:10 executing program 4: 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa201684"], 0x42) 10:30:10 executing program 3: 10:30:10 executing program 2: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548"], 0x17}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa201684"], 0x42) 10:30:10 executing program 0: 10:30:10 executing program 4: 10:30:10 executing program 3: 10:30:10 executing program 2: 10:30:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af"], 0x4d) 10:30:10 executing program 0: 10:30:10 executing program 4: 10:30:10 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548"], 0x17}, 0x0) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:11 executing program 3: 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af"], 0x4d) 10:30:11 executing program 0: 10:30:11 executing program 2: 10:30:11 executing program 4: 10:30:11 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) 10:30:11 executing program 3: 10:30:11 executing program 0: 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af"], 0x4d) 10:30:11 executing program 4: 10:30:11 executing program 2: 10:30:11 executing program 0: 10:30:11 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 10:30:11 executing program 3: 10:30:11 executing program 0: 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552"], 0x53) 10:30:11 executing program 2: 10:30:11 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 10:30:11 executing program 4: 10:30:11 executing program 3: 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552"], 0x53) 10:30:11 executing program 0: 10:30:11 executing program 4: 10:30:11 executing program 2: socketpair$unix(0x1, 0x1000000003, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9f}, [@ldst={0x7, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x265, &(0x7f000000cf3d)=""/195}, 0x48) 10:30:11 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001000000d661c80d8b9548d1"], 0x18}, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 10:30:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x400000000004e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8001, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYRES64], 0xffd1) read(r0, &(0x7f0000000140)=""/165, 0x1000000eb) 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552"], 0x53) 10:30:11 executing program 4: 10:30:11 executing program 0: 10:30:11 executing program 1: [ 205.698575] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:30:11 executing program 4: 10:30:11 executing program 1: r0 = socket$inet6(0xa, 0x802, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0xfffffffffffffffd) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000002400)=r2) ioctl(0xffffffffffffffff, 0x0, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f00000031c0)=[{{&(0x7f0000000bc0)=@pptp, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000c40)=""/23, 0x17}, {&(0x7f0000000c80)}], 0x2, 0x0, 0x0, 0x8}}, {{&(0x7f0000002900)=@un=@abs, 0x80, &(0x7f0000002e80)=[{0x0}, {&(0x7f0000002a80)=""/155, 0x9b}, {&(0x7f0000002b40)=""/28, 0x1c}, {0x0}, {&(0x7f0000002c80)=""/248, 0xf8}, {0x0}], 0x6}, 0x2e}], 0x2, 0x101, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000440)=@known='trusted.overlay.nlink\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x181, &(0x7f0000000180)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') preadv(r3, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'veth1_to_bond\x00', {0x2, 0x4e21, @multicast2}}) 10:30:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x22800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r1) 10:30:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552778016"], 0x56) 10:30:11 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite6\x00') r3 = dup2(r0, r1) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040), 0x4) sendfile(r1, r2, &(0x7f0000000000)=0x100000, 0x10000) setsockopt$inet6_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x0) 10:30:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x5) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite6\x00') dup2(0xffffffffffffffff, r0) sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x0) 10:30:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552778016"], 0x56) 10:30:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x400000000004e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8001, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYRES64], 0xffd1) read(r0, &(0x7f0000000140)=""/165, 0x1000000eb) 10:30:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x400000000004e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8001, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYRES64], 0xffd1) read(r0, &(0x7f0000000140)=""/165, 0x1000000eb) 10:30:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a008552778016"], 0x56) 10:30:12 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x80) 10:30:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.opaque\x00', &(0x7f00000015c0)='y\x00', 0x2, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000080)) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) write$P9_RGETLOCK(r0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000001440)=0x0) write$P9_RGETLOCK(r0, &(0x7f0000001480)={0x35, 0x37, 0x2, {0x2, 0x0, 0x5, r1, 0x17, 'trusted.overlay.opaque\x00'}}, 0x35) preadv(r0, &(0x7f0000001540)=[{0x0}, {&(0x7f0000000100)=""/30, 0x1e}, {&(0x7f0000000140)=""/28, 0x1c}, {&(0x7f0000000280)=""/208, 0xd0}, {&(0x7f0000000180)=""/169, 0xa9}, {0x0}], 0x6, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000000c0)={0xf, 0x1f, 0x2, 0x3}, 0xf) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) 10:30:12 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt(r0, 0x6, 0x0, 0x0, 0x228) 10:30:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a"], 0x57) 10:30:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="480000001500190a20ffff7fffffff5602113b850e000000485e000000fe58a2bc4a03049164643e89720000de213ee23ffbf510040041feff5aff2b000000001000070000000000", 0x48}], 0x1) 10:30:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) close(r0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x6, 0x4) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) 10:30:12 executing program 1: r0 = socket$inet6(0xa, 0x802, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0xfffffffffffffffd) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000002400)=r2) ioctl(0xffffffffffffffff, 0x0, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f00000031c0)=[{{&(0x7f0000000bc0)=@pptp, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000c40)=""/23, 0x17}, {&(0x7f0000000c80)}], 0x2, 0x0, 0x0, 0x8}}, {{&(0x7f0000002900)=@un=@abs, 0x80, &(0x7f0000002e80)=[{0x0}, {&(0x7f0000002a80)=""/155, 0x9b}, {&(0x7f0000002b40)=""/28, 0x1c}, {0x0}, {&(0x7f0000002c80)=""/248, 0xf8}, {0x0}], 0x6}, 0x2e}], 0x2, 0x101, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000440)=@known='trusted.overlay.nlink\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x181, &(0x7f0000000180)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') preadv(r3, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'veth1_to_bond\x00', {0x2, 0x4e21, @multicast2}}) 10:30:12 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getuid() r3 = geteuid() lstat(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000000140)) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f00000001c0)) geteuid() r5 = getuid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@dev, @in6}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000380)=0xe8) fstat(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() stat(&(0x7f0000000480)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, 0x0, &(0x7f0000000540)={{}, {}, [{0x2, 0x3}, {0x2, 0x1, r3}, {0x2, 0x5, r4}, {}, {0x2, 0x4, r5}, {}], {0x4, 0x1}, [{0x8, 0x0, r6}, {0x8, 0x2, r7}], {0x10, 0x4}, {0x20, 0x4}}, 0x64, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000340)='./bus\x00', 0x0) getegid() write$FUSE_CREATE_OPEN(r0, 0x0, 0x0) io_setup(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, 0x0, 0xce6b8667) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) 10:30:12 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/unix\x00') sync_file_range(r0, 0x0, 0x0, 0x3) [ 206.388343] netlink: 48 bytes leftover after parsing attributes in process `syz-executor0'. 10:30:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a"], 0x57) 10:30:12 executing program 3: clone(0x10003102003fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$cont(0x18, r0, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa5}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) 10:30:12 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 10:30:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="5300000044a6aeabec2e02fc1772f684bc1bd0172d00000013db9820000000003bc3d4505956000008000000406eef4799ec00000000b8188e23061291cdaa2016846655b9c71d9760a14280af72dd9a0085527780168a"], 0x57) [ 206.638930] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities 10:30:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite6\x00') sendfile(r0, r1, &(0x7f0000000000)=0x100000, 0x10000) keyctl$setperm(0x5, 0x0, 0x0) 10:30:12 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fanotify_init(0x0, 0x0) readv(r0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x301000, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = dup3(r1, r0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) shutdown(r2, 0x0) tkill(r3, 0x1000000000016) [ 206.755796] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 206.814508] Unrecognized hibernate image header format! 10:30:12 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f0000000080)) [ 206.838929] PM: Image mismatch: architecture specific data 10:30:12 executing program 0: pselect6(0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0), 0x0, &(0x7f0000000040)={&(0x7f0000000000), 0x8}) 10:30:12 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getuid() r3 = geteuid() lstat(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000000140)) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f00000001c0)) geteuid() r5 = getuid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@dev, @in6}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000380)=0xe8) fstat(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() stat(&(0x7f0000000480)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, 0x0, &(0x7f0000000540)={{}, {}, [{0x2, 0x3}, {0x2, 0x1, r3}, {0x2, 0x5, r4}, {}, {0x2, 0x4, r5}, {}], {0x4, 0x1}, [{0x8, 0x0, r6}, {0x8, 0x2, r7}], {0x10, 0x4}, {0x20, 0x4}}, 0x64, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000340)='./bus\x00', 0x0) getegid() write$FUSE_CREATE_OPEN(r0, 0x0, 0x0) io_setup(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, 0x0, 0xce6b8667) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) 10:30:13 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) lremovexattr(0x0, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) semop(0x0, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) syz_read_part_table(0x0, 0x0, 0x0) getxattr(0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) syz_open_pts(0xffffffffffffff9c, 0x0) ioctl$VT_RELDISP(0xffffffffffffffff, 0x5605) write$P9_RLERRORu(r1, 0x0, 0x0) 10:30:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 10:30:13 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f0000000080)) [ 207.036371] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities 10:30:13 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xffffffea) r3 = epoll_create(0xe2a3) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000280)) ppoll(&(0x7f0000000140)=[{r3}, {r1}], 0x2, 0x0, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) close(r2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 10:30:13 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) socket$inet(0x2, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getuid() r3 = geteuid() lstat(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000000140)) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f00000001c0)) geteuid() r5 = getuid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@dev, @in6}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000380)=0xe8) fstat(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() stat(&(0x7f0000000480)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, 0x0, &(0x7f0000000540)={{}, {}, [{0x2, 0x3}, {0x2, 0x1, r3}, {0x2, 0x5, r4}, {}, {0x2, 0x4, r5}, {}], {0x4, 0x1}, [{0x8, 0x0, r6}, {0x8, 0x2, r7}], {0x10, 0x4}, {0x20, 0x4}}, 0x64, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000340)='./bus\x00', 0x0) getegid() write$FUSE_CREATE_OPEN(r0, 0x0, 0x0) io_setup(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, 0x0, 0xce6b8667) close(0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) [ 207.200761] __loop_clr_fd: partition scan of loop1 failed (rc=-22) 10:30:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 207.324665] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities 10:30:13 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00') write$selinux_attr(r0, 0x0, 0x0) 10:30:13 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 207.532919] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 207.961910] __loop_clr_fd: partition scan of loop1 failed (rc=-22) 10:30:15 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fanotify_init(0x0, 0x0) readv(r0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x301000, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = dup3(r1, r0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) shutdown(r2, 0x0) tkill(r3, 0x1000000000016) 10:30:15 executing program 2: setresuid(0x0, 0xee01, 0x0) add_key$keyring(&(0x7f0000000240)='keyring\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) setresuid(0x0, 0x0, 0x0) 10:30:15 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 10:30:15 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pselect6(0x40, &(0x7f0000000000)={0x9}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x7, 0x2eaf8cec, 0x8, 0x8000, 0x3}, &(0x7f0000000140), &(0x7f0000000200)={&(0x7f0000000180)={0x8}, 0x8}) 10:30:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) 10:30:15 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) close(r0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000880)) setsockopt$inet_mreq(r0, 0x0, 0x27, &(0x7f0000000080)={@rand_addr, @rand_addr=0x4}, 0x8) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0) 10:30:16 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fanotify_init(0x0, 0x0) readv(r0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x301000, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = dup3(r1, r0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) shutdown(r2, 0x0) tkill(r3, 0x1000000000016) 10:30:16 executing program 3: r0 = socket$inet(0x10, 0x2, 0x0) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001740)) 10:30:16 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0xe003000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x8000) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 10:30:16 executing program 0: symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x400, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x9) syz_open_dev$rtc(&(0x7f00000001c0)='/dev/rtc#\x00', 0x8001, 0x101400) getpid() memfd_create(0x0, 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0xffffffffffffffff) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockname(r1, &(0x7f0000000100)=@hci={0x1f, 0x0}, &(0x7f0000000340)=0x80) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x811}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="700000004300000229bd7000fbdbdf25020000000800030002000000540006000c000400150000000000000008000b00010000000c000500ffffff7fffffffff08000900040000000c00040001000000000000000c000f00060000000000000008000b00f400000008000100c792a6605f7a6480548e82636d47f38a1835c6cc34392315ca017a523e7bebb7c255e7229a10e92e50ae8b5bd250dbc0eae59c2762af1bc653b9e670c1a2e125781fda8f7029aeda98c457f32d281f72028aa2deacd38768aa3a906263a27d31aec7e15b23d85ae5bc755e97372645fe6f446dc3e783ea6a690d88316ec17986be84bbc4e6e9243f91be100d9f4dff010000000000003dc9fddfab9600cb850cc2b50000000000000000005121b40000000000000000000000", @ANYRES32=r4], 0x2}}, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) memfd_create(0x0, 0x5) syz_open_procfs(0x0, 0x0) r5 = dup(r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x800004e20, 0x1, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2000000b, &(0x7f00008d4fe4)={0xa, 0x2000000000004e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) write$sndseq(r2, &(0x7f00000003c0)=[{0x0, 0x8000, 0x800000, 0x20, @tick, {0x0, 0x1}, {}, @raw32={[0x6, 0x7, 0x3]}}], 0x30) 10:30:16 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 210.222407] kauditd_printk_skb: 3 callbacks suppressed [ 210.222420] audit: type=1800 audit(1545647416.259:44): pid=8480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16655 res=0 10:30:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, 0x0, 0x0) 10:30:19 executing program 5: symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x400, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x9) syz_open_dev$rtc(&(0x7f00000001c0)='/dev/rtc#\x00', 0x8001, 0x101400) getpid() memfd_create(0x0, 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0xffffffffffffffff) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockname(r1, &(0x7f0000000100)=@hci={0x1f, 0x0}, &(0x7f0000000340)=0x80) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x811}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="700000004300000229bd7000fbdbdf25020000000800030002000000540006000c000400150000000000000008000b00010000000c000500ffffff7fffffffff08000900040000000c00040001000000000000000c000f00060000000000000008000b00f400000008000100c792a6605f7a6480548e82636d47f38a1835c6cc34392315ca017a523e7bebb7c255e7229a10e92e50ae8b5bd250dbc0eae59c2762af1bc653b9e670c1a2e125781fda8f7029aeda98c457f32d281f72028aa2deacd38768aa3a906263a27d31aec7e15b23d85ae5bc755e97372645fe6f446dc3e783ea6a690d88316ec17986be84bbc4e6e9243f91be100d9f4dff010000000000003dc9fddfab9600cb850cc2b50000000000000000005121b40000000000000000000000", @ANYRES32=r4], 0x2}}, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) memfd_create(0x0, 0x5) syz_open_procfs(0x0, 0x0) r5 = dup(r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x800004e20, 0x1, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2000000b, &(0x7f00008d4fe4)={0xa, 0x2000000000004e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) write$sndseq(r2, &(0x7f00000003c0)=[{0x0, 0x8000, 0x800000, 0x20, @tick, {0x0, 0x1}, {}, @raw32={[0x6, 0x7, 0x3]}}], 0x30) 10:30:19 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0xe003000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x8000) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 10:30:19 executing program 3: openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x6, 0x7d, 0x20000000000005}, 0x2dc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f0000000000), 0x0}, 0x18) 10:30:19 executing program 0: symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x400, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x9) syz_open_dev$rtc(&(0x7f00000001c0)='/dev/rtc#\x00', 0x8001, 0x101400) getpid() memfd_create(0x0, 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0xffffffffffffffff) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockname(r1, &(0x7f0000000100)=@hci={0x1f, 0x0}, &(0x7f0000000340)=0x80) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x811}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="700000004300000229bd7000fbdbdf25020000000800030002000000540006000c000400150000000000000008000b00010000000c000500ffffff7fffffffff08000900040000000c00040001000000000000000c000f00060000000000000008000b00f400000008000100c792a6605f7a6480548e82636d47f38a1835c6cc34392315ca017a523e7bebb7c255e7229a10e92e50ae8b5bd250dbc0eae59c2762af1bc653b9e670c1a2e125781fda8f7029aeda98c457f32d281f72028aa2deacd38768aa3a906263a27d31aec7e15b23d85ae5bc755e97372645fe6f446dc3e783ea6a690d88316ec17986be84bbc4e6e9243f91be100d9f4dff010000000000003dc9fddfab9600cb850cc2b50000000000000000005121b40000000000000000000000", @ANYRES32=r4], 0x2}}, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) memfd_create(0x0, 0x5) syz_open_procfs(0x0, 0x0) r5 = dup(r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x800004e20, 0x1, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2000000b, &(0x7f00008d4fe4)={0xa, 0x2000000000004e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) write$sndseq(r2, &(0x7f00000003c0)=[{0x0, 0x8000, 0x800000, 0x20, @tick, {0x0, 0x1}, {}, @raw32={[0x6, 0x7, 0x3]}}], 0x30) 10:30:19 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 10:30:19 executing program 3: symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x400, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x9) syz_open_dev$rtc(&(0x7f00000001c0)='/dev/rtc#\x00', 0x8001, 0x101400) getpid() memfd_create(0x0, 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0xffffffffffffffff) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockname(r1, &(0x7f0000000100)=@hci={0x1f, 0x0}, &(0x7f0000000340)=0x80) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x811}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="700000004300000229bd7000fbdbdf25020000000800030002000000540006000c000400150000000000000008000b00010000000c000500ffffff7fffffffff08000900040000000c00040001000000000000000c000f00060000000000000008000b00f400000008000100c792a6605f7a6480548e82636d47f38a1835c6cc34392315ca017a523e7bebb7c255e7229a10e92e50ae8b5bd250dbc0eae59c2762af1bc653b9e670c1a2e125781fda8f7029aeda98c457f32d281f72028aa2deacd38768aa3a906263a27d31aec7e15b23d85ae5bc755e97372645fe6f446dc3e783ea6a690d88316ec17986be84bbc4e6e9243f91be100d9f4dff010000000000003dc9fddfab9600cb850cc2b50000000000000000005121b40000000000000000000000", @ANYRES32=r4], 0x2}}, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) memfd_create(0x0, 0x5) syz_open_procfs(0x0, 0x0) r5 = dup(r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x800004e20, 0x1, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2000000b, &(0x7f00008d4fe4)={0xa, 0x2000000000004e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) write$sndseq(r2, &(0x7f00000003c0)=[{0x0, 0x8000, 0x800000, 0x20, @tick, {0x0, 0x1}, {}, @raw32={[0x6, 0x7, 0x3]}}], 0x30) [ 213.323458] audit: type=1800 audit(1545647419.369:45): pid=8518 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16663 res=0 10:30:19 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0xe003000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x8000) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 10:30:19 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 10:30:19 executing program 0: symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x400, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x9) syz_open_dev$rtc(&(0x7f00000001c0)='/dev/rtc#\x00', 0x8001, 0x101400) getpid() memfd_create(0x0, 0x0) r1 = syz_open_dev$sndseq(0x0, 0x0, 0xffffffffffffffff) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockname(r1, &(0x7f0000000100)=@hci={0x1f, 0x0}, &(0x7f0000000340)=0x80) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x811}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="700000004300000229bd7000fbdbdf25020000000800030002000000540006000c000400150000000000000008000b00010000000c000500ffffff7fffffffff08000900040000000c00040001000000000000000c000f00060000000000000008000b00f400000008000100c792a6605f7a6480548e82636d47f38a1835c6cc34392315ca017a523e7bebb7c255e7229a10e92e50ae8b5bd250dbc0eae59c2762af1bc653b9e670c1a2e125781fda8f7029aeda98c457f32d281f72028aa2deacd38768aa3a906263a27d31aec7e15b23d85ae5bc755e97372645fe6f446dc3e783ea6a690d88316ec17986be84bbc4e6e9243f91be100d9f4dff010000000000003dc9fddfab9600cb850cc2b50000000000000000005121b40000000000000000000000", @ANYRES32=r4], 0x2}}, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, 0x0) memfd_create(0x0, 0x5) syz_open_procfs(0x0, 0x0) r5 = dup(r3) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x800004e20, 0x1, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2000000b, &(0x7f00008d4fe4)={0xa, 0x2000000000004e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) write$sndseq(r2, &(0x7f00000003c0)=[{0x0, 0x8000, 0x800000, 0x20, @tick, {0x0, 0x1}, {}, @raw32={[0x6, 0x7, 0x3]}}], 0x30) [ 213.369684] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 10:30:19 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 213.515011] audit: type=1800 audit(1545647419.559:46): pid=8532 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor2" name="file0" dev="sda1" ino=16641 res=0 10:30:19 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0xe003000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x10}) ioctl$void(r0, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x7ffffffc, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0xe19}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x8000) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x6, 0x6}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 10:30:19 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', 0x0, 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000000c0)="4000000002000000190a0000dc0100002c000000010a0000020006000000000000200000002000004000e3ffffffffff3c5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 213.891783] audit: type=1800 audit(1545647419.939:47): pid=8546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor2" name="file0" dev="sda1" ino=16656 res=0 10:30:20 executing program 5: socketpair$unix(0x1, 0x1000000003, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9f}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 10:30:20 executing program 1: syz_open_dev$admmidi(0x0, 0x1, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x1c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000000040)={0x77359400}, &(0x7f0000048000), 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000fd7ff0)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1c0000000, 0x0) 10:30:20 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff}) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) close(r0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) socket$unix(0x1, 0x5, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) accept4(r0, 0x0, &(0x7f00000003c0), 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) mlockall(0x7) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) llistxattr(0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) lsetxattr$security_evm(0x0, 0x0, 0x0, 0x0, 0x0) 10:30:20 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:30:20 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/unix\x00') read(r0, &(0x7f0000000080)=""/200, 0xc8) 10:30:20 executing program 3: socket$inet6(0xa, 0x1000000000003, 0x7) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) close(r0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x1, 0x0) r1 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0) sendfile(r1, r2, &(0x7f0000000000), 0x80003) 10:30:20 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r0, 0x0, r1) connect$bt_l2cap(r2, &(0x7f0000000080), 0xe) [ 214.201456] EXT4-fs (loop4): VFS: Can't find ext4 filesystem 10:30:20 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:30:20 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) getsockname(r0, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000140)=0x80) readv(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r0, r0) gettid() ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x86000, 0x0) sendto$unix(r0, &(0x7f00000001c0), 0x0, 0x1, 0x0, 0x0) fcntl$notify(r2, 0x402, 0x80000000) setsockopt$inet6_int(r2, 0x29, 0xc8, &(0x7f0000000100)=0x6, 0x4) [ 214.388195] EXT4-fs (loop4): VFS: Can't find ext4 filesystem 10:30:20 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="000068000000000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}]) 10:30:20 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x705, 0x5) r1 = dup(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(r1, &(0x7f0000000140)={0x78}, 0x78) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) 10:30:20 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:30:20 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000080)={0x7b, 0x600000000000000, [0x40000073, 0x0, 0x1b], [0xc2]}) [ 214.604704] loop5: p1 < > p4 [ 214.611002] loop5: partition table partially beyond EOD, truncated [ 214.631988] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 214.636035] loop5: p1 size 2 extends beyond EOD, truncated [ 214.673628] loop5: p4 start 1854537728 is beyond EOD, truncated [ 214.700308] ================================================================== [ 214.707805] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 214.714396] Write of size 832 at addr ffff8881d2912bc0 by task syz-executor0/8607 [ 214.722017] [ 214.723664] CPU: 0 PID: 8607 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 214.729194] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 214.732156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.732181] Call Trace: [ 214.732202] dump_stack+0x244/0x39d [ 214.732224] ? dump_stack_print_info.cold.1+0x20/0x20 [ 214.732239] ? printk+0xa7/0xcf [ 214.732273] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 214.732313] print_address_description.cold.4+0x9/0x1ff [ 214.772566] ? fpstate_init+0x50/0x160 [ 214.776464] kasan_report.cold.5+0x1b/0x39 [ 214.780694] ? fpstate_init+0x50/0x160 [ 214.784613] ? fpstate_init+0x50/0x160 [ 214.788530] check_memory_region+0x13e/0x1b0 [ 214.792938] memset+0x23/0x40 [ 214.796033] fpstate_init+0x50/0x160 [ 214.799736] kvm_arch_vcpu_init+0x3e9/0x870 [ 214.804065] kvm_vcpu_init+0x2fa/0x420 [ 214.807980] ? vcpu_stat_get+0x300/0x300 [ 214.812043] ? kmem_cache_alloc+0x33f/0x730 [ 214.816377] vmx_create_vcpu+0x1b7/0x2695 [ 214.820519] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 214.825613] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.830236] ? preempt_schedule+0x4d/0x60 [ 214.834407] ? preempt_schedule_common+0x1f/0xe0 [ 214.839195] ? vmx_exec_control+0x210/0x210 [ 214.843516] ? ___preempt_schedule+0x16/0x18 [ 214.847913] ? kasan_check_write+0x14/0x20 [ 214.852156] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 214.857108] ? wait_for_completion+0x8a0/0x8a0 [ 214.861751] ? print_usage_bug+0xc0/0xc0 [ 214.865826] ? migrate_swap_stop+0x8a0/0x8a0 [ 214.870258] kvm_arch_vcpu_create+0xe5/0x220 [ 214.874687] ? kvm_arch_vcpu_free+0x90/0x90 [ 214.879013] kvm_vm_ioctl+0x526/0x2030 [ 214.882905] ? kvm_unregister_device_ops+0x70/0x70 [ 214.887851] ? mark_held_locks+0x130/0x130 [ 214.892102] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 214.897285] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 214.902377] ? futex_wake+0x304/0x760 [ 214.906208] ? __lock_acquire+0x62f/0x4c20 [ 214.910454] ? mark_held_locks+0x130/0x130 [ 214.914682] ? graph_lock+0x270/0x270 [ 214.918527] ? do_futex+0x249/0x26d0 [ 214.922280] ? rcu_read_unlock_special+0x370/0x370 [ 214.927242] ? rcu_softirq_qs+0x20/0x20 [ 214.931222] ? unwind_dump+0x190/0x190 [ 214.935115] ? find_held_lock+0x36/0x1c0 [ 214.939222] ? __fget+0x4aa/0x740 [ 214.942698] ? lock_downgrade+0x900/0x900 [ 214.946847] ? check_preemption_disabled+0x48/0x280 [ 214.951871] ? kasan_check_read+0x11/0x20 [ 214.956036] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.961321] ? rcu_read_unlock_special+0x370/0x370 [ 214.966260] ? __fget+0x4d1/0x740 [ 214.969709] ? ksys_dup3+0x680/0x680 10:30:21 executing program 1: syz_open_dev$admmidi(0x0, 0x1, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x1c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000000040)={0x77359400}, &(0x7f0000048000), 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000fd7ff0)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1c0000000, 0x0) 10:30:21 executing program 3: clone(0x210007d9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) futex(0x0, 0x400000085, 0x0, 0x0, 0x0, 0xfffffffffffffffd) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) [ 214.973414] ? __might_fault+0x12b/0x1e0 [ 214.977482] ? lock_downgrade+0x900/0x900 [ 214.981636] ? lock_release+0xa00/0xa00 [ 214.985615] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.991055] ? kvm_unregister_device_ops+0x70/0x70 [ 214.996007] do_vfs_ioctl+0x1de/0x1790 [ 214.999949] ? ioctl_preallocate+0x300/0x300 [ 215.004379] ? __fget_light+0x2e9/0x430 [ 215.008370] ? fget_raw+0x20/0x20 [ 215.011829] ? _copy_to_user+0xc8/0x110 [ 215.015846] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.021398] ? put_timespec64+0x10f/0x1b0 10:30:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") writev(r0, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) read(r0, &(0x7f00000015c0)=""/4096, 0x1000) 10:30:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002740)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000001e000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000140)="b805000000b9008000000f01c1f080a4b000600000000fc3180f09c744240000000000c744240200080000c7442406000000000f0114240f08f3a5650f050f20da0f01cf", 0x44}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x80000001]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 215.025568] ? nsecs_to_jiffies+0x30/0x30 [ 215.029727] ? do_syscall_64+0x9a/0x820 [ 215.033715] ? do_syscall_64+0x9a/0x820 [ 215.037142] futex_wake_op: syz-executor3 tries to shift op by -1; fix this program [ 215.037705] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.048579] futex_wake_op: syz-executor3 tries to shift op by -1; fix this program [ 215.050020] ? security_file_ioctl+0x94/0xc0 [ 215.050042] ksys_ioctl+0xa9/0xd0 [ 215.050064] __x64_sys_ioctl+0x73/0xb0 [ 215.050098] do_syscall_64+0x1b9/0x820 [ 215.050130] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 215.050148] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.050161] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.050196] ? trace_hardirqs_on_caller+0x310/0x310 [ 215.050216] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.050234] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.050254] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.050274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.050285] RIP: 0033:0x457669 [ 215.050315] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.050323] RSP: 002b:00007f624ce9ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.050338] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 215.050346] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 215.050355] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 215.050365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f624ce9f6d4 [ 215.050374] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 215.050396] [ 215.050403] Allocated by task 8607: [ 215.050416] save_stack+0x43/0xd0 [ 215.050427] kasan_kmalloc+0xcb/0xd0 [ 215.050437] kasan_slab_alloc+0x12/0x20 [ 215.050452] kmem_cache_alloc+0x130/0x730 [ 215.050464] vmx_create_vcpu+0x110/0x2695 [ 215.050477] kvm_arch_vcpu_create+0xe5/0x220 [ 215.050488] kvm_vm_ioctl+0x526/0x2030 [ 215.050502] do_vfs_ioctl+0x1de/0x1790 [ 215.050515] ksys_ioctl+0xa9/0xd0 [ 215.050528] __x64_sys_ioctl+0x73/0xb0 [ 215.050541] do_syscall_64+0x1b9/0x820 [ 215.050555] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.050559] [ 215.050564] Freed by task 0: [ 215.050569] (stack is not available) [ 215.050572] [ 215.050598] The buggy address belongs to the object at ffff8881d2912b80 [ 215.050598] which belongs to the cache x86_fpu of size 832 [ 215.050611] The buggy address is located 64 bytes inside of [ 215.050611] 832-byte region [ffff8881d2912b80, ffff8881d2912ec0) [ 215.050615] The buggy address belongs to the page: [ 215.050628] page:ffffea00074a4480 count:1 mapcount:0 mapping:ffff8881d515a040 index:0x0 [ 215.050655] flags: 0x2fffc0000000200(slab) [ 215.050688] raw: 02fffc0000000200 ffff8881d483e248 ffff8881d483e248 ffff8881d515a040 [ 215.050705] raw: 0000000000000000 ffff8881d2912040 0000000100000004 0000000000000000 [ 215.050711] page dumped because: kasan: bad access detected [ 215.050715] [ 215.050720] Memory state around the buggy address: [ 215.050732] ffff8881d2912d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 215.050743] ffff8881d2912e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 215.050755] >ffff8881d2912e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 215.050761] ^ [ 215.050773] ffff8881d2912f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 215.050784] ffff8881d2912f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 215.050790] ================================================================== [ 215.050795] Disabling lock debugging due to kernel taint [ 215.052442] Kernel panic - not syncing: panic_on_warn set ... [ 215.374309] CPU: 0 PID: 8607 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 215.384214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.393578] Call Trace: [ 215.396207] dump_stack+0x244/0x39d [ 215.399842] ? dump_stack_print_info.cold.1+0x20/0x20 [ 215.405036] ? fpstate_init+0x30/0x160 [ 215.408938] panic+0x2ad/0x632 [ 215.412120] ? add_taint.cold.5+0x16/0x16 [ 215.416304] ? preempt_schedule+0x4d/0x60 [ 215.420445] ? ___preempt_schedule+0x16/0x18 [ 215.424852] ? trace_hardirqs_on+0xb4/0x310 [ 215.429191] ? fpstate_init+0x50/0x160 [ 215.431106] kobject: 'kvm' (00000000882c9d1f): kobject_uevent_env [ 215.433114] end_report+0x47/0x4f [ 215.433128] kasan_report.cold.5+0xe/0x39 [ 215.433146] ? fpstate_init+0x50/0x160 [ 215.449158] kobject: 'kvm' (00000000882c9d1f): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 215.450872] ? fpstate_init+0x50/0x160 [ 215.450890] check_memory_region+0x13e/0x1b0 [ 215.450922] memset+0x23/0x40 [ 215.471399] fpstate_init+0x50/0x160 [ 215.471667] kobject: 'kvm' (00000000882c9d1f): kobject_uevent_env [ 215.475196] kvm_arch_vcpu_init+0x3e9/0x870 [ 215.475221] kvm_vcpu_init+0x2fa/0x420 [ 215.482546] kobject: 'kvm' (00000000882c9d1f): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 215.485887] ? vcpu_stat_get+0x300/0x300 [ 215.485906] ? kmem_cache_alloc+0x33f/0x730 [ 215.485925] vmx_create_vcpu+0x1b7/0x2695 [ 215.511338] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 215.516430] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.521003] ? preempt_schedule+0x4d/0x60 [ 215.525140] ? preempt_schedule_common+0x1f/0xe0 [ 215.529895] ? vmx_exec_control+0x210/0x210 [ 215.534217] ? ___preempt_schedule+0x16/0x18 [ 215.538622] ? kasan_check_write+0x14/0x20 [ 215.542882] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 215.547844] ? wait_for_completion+0x8a0/0x8a0 [ 215.552417] ? print_usage_bug+0xc0/0xc0 [ 215.556469] ? migrate_swap_stop+0x8a0/0x8a0 [ 215.560870] kvm_arch_vcpu_create+0xe5/0x220 [ 215.565310] ? kvm_arch_vcpu_free+0x90/0x90 [ 215.569635] kvm_vm_ioctl+0x526/0x2030 [ 215.573513] ? kvm_unregister_device_ops+0x70/0x70 [ 215.578444] ? mark_held_locks+0x130/0x130 [ 215.582682] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 215.587871] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 215.592962] ? futex_wake+0x304/0x760 [ 215.596753] ? __lock_acquire+0x62f/0x4c20 [ 215.600978] ? mark_held_locks+0x130/0x130 [ 215.605207] ? graph_lock+0x270/0x270 [ 215.608997] ? do_futex+0x249/0x26d0 [ 215.612709] ? rcu_read_unlock_special+0x370/0x370 [ 215.617642] ? rcu_softirq_qs+0x20/0x20 [ 215.621599] ? unwind_dump+0x190/0x190 [ 215.625472] ? find_held_lock+0x36/0x1c0 [ 215.629520] ? __fget+0x4aa/0x740 [ 215.632970] ? lock_downgrade+0x900/0x900 [ 215.637136] ? check_preemption_disabled+0x48/0x280 [ 215.642187] ? kasan_check_read+0x11/0x20 [ 215.646333] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 215.651608] ? rcu_read_unlock_special+0x370/0x370 [ 215.656545] ? __fget+0x4d1/0x740 [ 215.659986] ? ksys_dup3+0x680/0x680 [ 215.663686] ? __might_fault+0x12b/0x1e0 [ 215.667762] ? lock_downgrade+0x900/0x900 [ 215.671934] ? lock_release+0xa00/0xa00 [ 215.675897] ? perf_trace_sched_process_exec+0x860/0x860 [ 215.681378] ? kvm_unregister_device_ops+0x70/0x70 [ 215.686306] do_vfs_ioctl+0x1de/0x1790 [ 215.690267] ? ioctl_preallocate+0x300/0x300 [ 215.694706] ? __fget_light+0x2e9/0x430 [ 215.698682] ? fget_raw+0x20/0x20 [ 215.702188] ? _copy_to_user+0xc8/0x110 [ 215.706154] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.711693] ? put_timespec64+0x10f/0x1b0 [ 215.715829] ? nsecs_to_jiffies+0x30/0x30 [ 215.719985] ? do_syscall_64+0x9a/0x820 [ 215.723958] ? do_syscall_64+0x9a/0x820 [ 215.727927] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.732513] ? security_file_ioctl+0x94/0xc0 [ 215.736910] ksys_ioctl+0xa9/0xd0 [ 215.740353] __x64_sys_ioctl+0x73/0xb0 [ 215.744232] do_syscall_64+0x1b9/0x820 [ 215.748108] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 215.753483] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.758432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.763277] ? trace_hardirqs_on_caller+0x310/0x310 [ 215.768303] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.773306] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.778354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.783211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.788395] RIP: 0033:0x457669 [ 215.791575] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.810483] RSP: 002b:00007f624ce9ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.818242] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 215.825494] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 215.832746] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 215.839999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f624ce9f6d4 [ 215.847250] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 215.855544] Kernel Offset: disabled [ 215.859182] Rebooting in 86400 seconds..