Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
2018/12/24 03:09:49 fuzzer started
2018/12/24 03:09:51 dialing manager at 10.128.0.26:33943
2018/12/24 03:09:51 syscalls: 1
2018/12/24 03:09:51 code coverage: enabled
2018/12/24 03:09:51 comparison tracing: enabled
2018/12/24 03:09:51 setuid sandbox: enabled
2018/12/24 03:09:51 namespace sandbox: enabled
2018/12/24 03:09:51 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/24 03:09:51 fault injection: enabled
2018/12/24 03:09:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/24 03:09:51 net packet injection: enabled
2018/12/24 03:09:51 net device setup: enabled
03:12:12 executing program 0:
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x6c, 0x0, @empty=0x9000000, @broadcast}, @udp={0x0, 0x0, 0x8}}}}}, 0x0)

[  185.519444] IPVS: ftp: loaded support on port[0] = 21
03:12:12 executing program 1:
semget$private(0x0, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x400000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
pipe(&(0x7f0000000700)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setstatus(r0, 0x4, 0x2c00)
write(r3, &(0x7f00000001c0), 0xfffffef3)
read(r2, &(0x7f0000000540)=""/250, 0x446a6e69)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff)

[  185.794490] IPVS: ftp: loaded support on port[0] = 21
03:12:12 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

[  186.186106] IPVS: ftp: loaded support on port[0] = 21
03:12:13 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10)
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x263313e)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100)

[  186.522034] IPVS: ftp: loaded support on port[0] = 21
03:12:13 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
getgid()
listen(r1, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
accept4$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

[  187.085670] IPVS: ftp: loaded support on port[0] = 21
[  187.103279] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.128941] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.136795] device bridge_slave_0 entered promiscuous mode
[  187.326129] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.356849] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.371681] device bridge_slave_1 entered promiscuous mode
03:12:14 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback})
ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40})
userfaultfd(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380))
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB])
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0))
read$FUSE(r1, &(0x7f00000030c0), 0x1000)
read$FUSE(r1, &(0x7f0000001000), 0x10da)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa)
close(0xffffffffffffffff)
write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3)
dup2(r3, r3)

[  187.517826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  187.597461] IPVS: ftp: loaded support on port[0] = 21
[  187.745719] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  187.906416] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.932112] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.941487] device bridge_slave_0 entered promiscuous mode
[  188.021179] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.034043] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.050827] device bridge_slave_1 entered promiscuous mode
[  188.132157] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.234465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  188.307134] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.355859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  188.458398] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.469746] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.477155] device bridge_slave_0 entered promiscuous mode
[  188.615417] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.622706] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.631131] device bridge_slave_1 entered promiscuous mode
[  188.654591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  188.707659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  188.773359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  188.807945] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.931176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  188.942192] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.963896] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.978965] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.987168] device bridge_slave_0 entered promiscuous mode
[  189.109731] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.116198] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.128242] device bridge_slave_1 entered promiscuous mode
[  189.153045] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  189.168106] team0: Port device team_slave_0 added
[  189.277890] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.290696] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.300183] device bridge_slave_0 entered promiscuous mode
[  189.308791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  189.323765] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  189.331462] team0: Port device team_slave_1 added
[  189.350620] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.446418] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.455098] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.469483] device bridge_slave_1 entered promiscuous mode
[  189.478358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  189.522088] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  189.541280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  189.651767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  189.708258] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  189.716272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  189.730182] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  189.737587] team0: Port device team_slave_0 added
[  189.757628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  189.770834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  189.779016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  189.798891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  189.813577] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.829946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  189.842558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  189.851304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  189.859254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  189.880385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  189.912258] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  189.926951] team0: Port device team_slave_1 added
[  189.942801] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  189.977446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  189.991916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  190.022050] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  190.061274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  190.111926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  190.120436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  190.130163] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.136525] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.146447] device bridge_slave_0 entered promiscuous mode
[  190.168561] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  190.201861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  190.208704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  190.230572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  190.271825] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.278217] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.301314] device bridge_slave_1 entered promiscuous mode
[  190.335337] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  190.365880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  190.384086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  190.406276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  190.442443] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  190.455795] team0: Port device team_slave_0 added
[  190.469848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  190.500233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  190.508527] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  190.540647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  190.592584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  190.613279] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  190.643526] team0: Port device team_slave_1 added
[  190.651529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  190.665841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  190.704485] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  190.712947] team0: Port device team_slave_0 added
[  190.788684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  190.795672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  190.809246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  190.868174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  190.897620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  190.907669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  190.941580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  190.948986] team0: Port device team_slave_1 added
[  190.970154] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  190.991899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  191.000092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.030465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.077270] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  191.126977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  191.144207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  191.160215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  191.172321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  191.184413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  191.207774] team0: Port device team_slave_0 added
[  191.220101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.240417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.256037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  191.372980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  191.390202] team0: Port device team_slave_1 added
[  191.399216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  191.435517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.446063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.503528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  191.566375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  191.587181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.599543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  191.639932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  191.646987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  191.660926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  191.726658] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  191.751754] team0: Port device team_slave_0 added
[  191.809950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  191.817115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.840850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  191.883736] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.890273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.897240] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.903666] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.918271] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  191.936162] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  191.944206] team0: Port device team_slave_1 added
[  191.968513] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  191.986235] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.992662] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.999308] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.005723] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.064201] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  192.071467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.079534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.098300] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  192.128157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  192.149218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  192.313599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  192.433175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  192.461045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.472635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.579819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.587411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.612997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  192.623624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.670679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.693818] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.700258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.706928] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.713363] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.738024] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  193.105787] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.112226] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.118882] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.125309] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.142175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  193.600086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  193.610623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  193.667684] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.674133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.681096] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.687469] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.720585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  194.148023] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.154475] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.161986] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.168357] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.194526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  194.640390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  194.647901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  196.950792] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.245554] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.362312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  197.750602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  197.880479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  197.886959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  197.897881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  198.267575] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  198.290430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  198.310451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  198.335711] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.347213] 8021q: adding VLAN 0 to HW filter on device team0
[  198.510812] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.749164] 8021q: adding VLAN 0 to HW filter on device team0
[  198.821328] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.885524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  199.032721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  199.270353] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  199.301381] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  199.307533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.317135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.442994] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.480247] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  199.486426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.510378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.820634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  199.830667] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  199.837560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.851488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.886436] 8021q: adding VLAN 0 to HW filter on device team0
[  199.967677] 8021q: adding VLAN 0 to HW filter on device team0
[  200.240783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  200.246970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  200.279987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  200.304730] 8021q: adding VLAN 0 to HW filter on device team0
[  200.671509] 8021q: adding VLAN 0 to HW filter on device team0
03:12:28 executing program 0:
socketpair(0x1, 0x0, 0x12ce, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = accept(r0, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x2, 0x7, &(0x7f0000000080))
r2 = semget$private(0x0, 0x2, 0x88)
semctl$GETZCNT(r2, 0x3, 0x7, &(0x7f00000000c0)=""/158)
fsync(r1)
setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000180)="fa059645ff96667590b587ad9d92ecead6dd4863b26cb37b217aabd9f868cbbe62226b577a3c883de788035054904cc1b8b54d4090e1b13ff49b8de148eea922fc0db95a67afc291b46eae437bfdc89cc67d147d04f7e473389788ceb751b99f08edc8253927825e8512a06978b7ad7fbdea91f04a58d5a90b02a5a4f0567fc9b14dfcb04d10d8b30617fd3fbca8", 0x8e)
pipe2(&(0x7f0000000240)={<r3=>0xffffffffffffffff}, 0x10000)
r4 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0xebdacafa009aac6b)
renameat(r3, &(0x7f0000000280)='./file0\x00', r4, &(0x7f0000000300)='./file0\x00')
accept(r1, &(0x7f0000000340)=@in, &(0x7f0000000380)=0xc)
open(&(0x7f00000003c0)='./file0\x00', 0xb00, 0x31)
accept(r3, &(0x7f0000000400)=@in6, &(0x7f0000000440)=0xc)
fcntl$setflags(r0, 0x2, 0x1)
r5 = shmget(0x2, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r5, 0x3)
shmget(0x3, 0x3000, 0x80, &(0x7f0000ffb000/0x3000)=nil)
shmget$private(0x0, 0x2000, 0x20c, &(0x7f0000ffc000/0x2000)=nil)
faccessat(r4, &(0x7f0000000480)='./file0\x00', 0x18, 0x2)
semctl$SETVAL(r2, 0x0, 0x8, &(0x7f0000000540)=0x81a4)

03:12:28 executing program 0:
socket$inet6(0xa, 0x0, 0x6)
openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f0000000380))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\'u\xca\x1eV\xb8*k,\x96\x104[\xf0\x84\x1f\x9c\x01\x02\xea\x83\x17\xe1\xc2\xfdz\xd8\x19\xa4\xe09', 0x1ff)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)}], 0x1, 0x0, 0x0, 0x8044}, 0x440c4)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a45321, &(0x7f0000000480)={{0xffffffffffffffff, 0x6}, 'port1\x00', 0xf, 0x0, 0x7fffffff, 0x5, 0x7, 0x143c, 0x0, 0x0, 0x0, 0x2})
ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0)
capset(&(0x7f0000581ff8), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x40000000b30, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000140)={0x0, 0x1c9c380}, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000300)={'ah\x00'}, &(0x7f0000000400)=0x1e)

[  201.661238] hrtimer: interrupt took 43164 ns
03:12:28 executing program 0:
socket$inet6(0xa, 0x0, 0x6)
openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f0000000380))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\'u\xca\x1eV\xb8*k,\x96\x104[\xf0\x84\x1f\x9c\x01\x02\xea\x83\x17\xe1\xc2\xfdz\xd8\x19\xa4\xe09', 0x1ff)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)}], 0x1, 0x0, 0x0, 0x8044}, 0x440c4)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a45321, &(0x7f0000000480)={{0xffffffffffffffff, 0x6}, 'port1\x00', 0xf, 0x0, 0x7fffffff, 0x5, 0x7, 0x143c, 0x0, 0x0, 0x0, 0x2})
ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0)
capset(&(0x7f0000581ff8), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x40000000b30, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000140)={0x0, 0x1c9c380}, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000300)={'ah\x00'}, &(0x7f0000000400)=0x1e)

03:12:29 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x3c)
memfd_create(&(0x7f0000000040)='proc,\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0x2bc}}, {{0x0, 0x0, &(0x7f0000000040), 0x361, &(0x7f0000000140)}}], 0x40001ab, 0x0)

03:12:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000001, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000140)={'bridge0\x00\x00\x00\x00\x80\x00', &(0x7f0000000000)=@ethtool_cmd={0xd, 0x0, 0x2}})

03:12:29 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000075040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x1800000000000d00, 0xe, 0x0, &(0x7f0000000440)="b90703e6680d698cb89e40f088a8", 0x0, 0x0, 0x6000}, 0x28)

03:12:29 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
setrlimit(0x7, &(0x7f000000f000))
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

[  202.763730] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
03:12:29 executing program 1:
r0 = getpgrp(0x0)
r1 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8)
rt_tgsigqueueinfo(r0, r1, 0x10000000036, &(0x7f0000000080))
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
read(r2, &(0x7f00000001c0)=""/128, 0x3ea)

03:12:30 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

03:12:30 executing program 3:
syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

03:12:30 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x177586c)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
lremovexattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000240)=@known='trusted.overlay.impure\x00')
write$P9_RLERROR(r0, 0x0, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

[  204.095084] XFS (loop3): Invalid superblock magic number
03:12:31 executing program 1:
r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r1 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r1, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070")
write$apparmor_current(r0, &(0x7f0000000080)=@profile={'changeprofile ', '&]proc(\x00'}, 0xf)

03:12:31 executing program 4:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x0, 0x0)
write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, '\x9e\xdez\x8cZ\xe9^\xc8g,\x934\x0fd:fO\x13\xee\xabe\xc02)\x01\xdck\xd3l\xde,Q\xf0\x1b\x7f\v\x01O\x9f\x91\xee\xb7\xc3|r@\xf4v\xc8\xd7S\xd0\x00\xaa\x8f\xaf\x8f\xb5t\xdb\xcf\xa6\xdcM', 0x20000000000000})
futex(0x0, 0x0, 0x10000000000, &(0x7f0000000040)={0x77359400}, &(0x7f0000048000), 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0)
clock_gettime(0x7, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0)
write$cgroup_pid(r0, &(0x7f0000000080), 0xfffffe38)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x660c, 0x0)
open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000000)={0x3, 0x7, 0x80000000, 0xffffffff})
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8, 0x4002091, 0xffffffffffffffff, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000300)={0x3}, 0x0, 0x8)
ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, 0x0)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x2f, 0x1, @thr={&(0x7f00000007c0)="26c56673640a7bef669933dec90ec53181f345b27f8e90361e1aaa368ef1dea19b432fb2c0699e15d2a983c6556afb2d0c8c844f06a9a1ba85b2de1323ba72b19b1635bd0127f3770a4e7e4a21a7af307ca56b1f3fb4b26dfcf8a5271d4647527fa1ada8aa5bccd407181e6af37d15e0f37f09ab2714dbdfa7770b3751742afcbb91c1cd9ed85fe619f27ef05e3e3ecbfd690a6168115ed11afe8973399c70b5d53a0cf5625b6ec3be45fa892cf1d49947d3aa397c4210dad2033397880a54c3e9d203660a53ad51da74aaab76a1ea38e522c22e02ea320cd57dfa7a39480f0b18a6cee864111e909cca701d155f0523dfda846e1be195396b5601509e6a8777d1bfc8c63f766105e6225d72c907f1699362ddab02e9613a50f4278f5ef775840b74001ea970f39a7cd71d1d502a197d4562b77da9edbd9f96af4971ff94ab03eeb39c80a31286bdb7fdb894334b75b489ddd1d43cd17344644bb1bc91d61ed4fb21c03acdca97901ac570347611beda426df0b9e15abad3f6f06e1f3c645e5a2a6172d27a695c8cb0490ba2d86cee74ac83bd10cb6bab44aa23052a7528e366e0e11cccd92d3bd570538ddfb42a278ef415e71bae00393bcf14680f96d58071e44c42ec0b2fe11cf332550d0ae6a4cdade27c83405242dec32e855fc3810d878895bb5b1e2b8d5a2ca8d5d7c9dab3f370f479cc91e4510a551e1f6487076ed3b7309cd6e3a2ef496e1976e67048aa4b8969f4ae0d364f705c6c1241c7228f0f93a5bed1b646f099e35d312c3a91095f4dbd17c71647dd914e25a82391704dabc51098548d13a7dcd9dcd167d2de63a5e7d2a6ce5013cd23e8353a3c47ad329b79ef5135dfb8c1dade972a7bca56089fc841d33fc85e00b6aac5fbff2655b35a1e711fb02380708c7d79b6c38a37926ae7aeb1797b1b24e13e8f5d2e5d4b1e8a8be140bf37bfe2b693296d26d225595f0b4c015b808b9a37cd167aab25fb7ca630a1bd92777bd44153ed7f5c8dacb673f1eef76a01e70f8894ff69a68135e2605e6fb01b5ca0395cd0421fe39e014d0af093f6246d7cfca859b61c0f743a90892d7deadc27ffa7104f4fa74c555ba1b6a762691919f47cc24ca1b0fef0c50c931d8dcffe02bb882ae5061788e3b25a753156d3c1bbe852c617ded86a75499d22051ba57cd835d87a5cbf42bd8296942d85497eb336224c1233da2c6fd15a563565af99e645b219b34645a703433917c5fe569b531e40f312ce062688733fdb1313c85f7dafbcf87d8dc8e24b2940d3f9bcd6eec99ee11f073cc6ebb658353b801e832e548b02d8dbdff723917ad2ffa7675cb57d90ab04470144e5fefdf0fa5581cb87ce26181cb5fd3d4bf1bce4d6be13205b9fec314eca31c20dbbc0eb07e0d563c171d45d73bfd29fa2421270a98fe31c7f7b8608e4e480d56c950c81672eec0c5fcf51a8516dfce696d03a9bc9849f159898dc603b7725b85e3d21d6cc8502ea4f7548fa1170f4a2afbbe59493b9769a11105144994c596a66da09f03ae30aedb2f1ec49427f6eedb5a145293d0d167fe737602a3f2e997b23c9c4f06a4c5e22206255256bbb2ca9c09db87ba5df9e595ea61d9422751f58876f26d348aa6abd2851990fdad66fff33611a7c9f28d12b8f76c58d4d47a236eb74bc77ec9809552a7bdc45bdf9e30d2dbe94bcdb2253c5527f685926c11019336b3ead6e7997b89194355285e2de2cc0b055068fc296540b4f2c27cec67af83c71466f3ef53033d17f1f5cbecb44e78697f35356ee8f87dd3d8cf83fb14e2fceff8d30fa357024dbb73a69be770deefc3ebb65e1737bed68df5becdf1f837691bbcbb742f9265ca81014b1a18f65a414ebead849be74f954505c5783a5705d4830f0c8f5f22926b56db18aa1698e784d04dc57fb2a7601121f6ee8f29b368afc2adcd5b26b8a005c0f37083a8f7d40c7792465a611aec83c3957d2e7b85cdca8b163c40fc36d6e586061a5be077b37e16a2281487a003e7ee33aecd5f2b44869a8abb79ea54477a867ab9d08a907e4f36d0a50a472e28809609e2858f1d3107dff18eaf141d1ecac9731810c6c06b81d77a455726cd0320bb0d5286454e905b533f0311aa38bf6d2bb0b25a45c8f5d4466b21968fbcb1efc6f603f64fa92309ddfcd2ed37571bedb683f65d41ea872c049d18dd7629125a16c633fb0c0bcf3edfa2eb5ba623f02bc8ef778a1dc5dcf684e9fa175561981fc9442627cd3527260d5d7f1b81f21356a29aecf17554412a05ba19a57d80ea9a23c75956e213ffa0e59864486e837d6d163c7c056ee82cc5b36c5a55a518123993870727f5f47dc7ee94ff1eba9fcfd3d84336843db5a0c988d46f67e855e7e7ea9a5fbf11771e211eb5b5c645368b32f6a2d7c6c44df6ae9afd1e9c5b5242cae0892eacba1252aaeb85e759d029402eb5e860ae3849a94ae367bbeca8f9a2f93c92c53f62cc58e28444aed00dd29f883a5bfb0ffd4531c67cfaf8f5aebcf1a6c9748596c46927ad101dd9eb27251f69ad8b51e384708c0ee319ba951263bc43d44c26526e437dcddfff63f066f1a23bad7bfe8218fec7ca34200bd7751b74a52e8b5c63f1bd59a41afbdde96a689eb011cf1002ec0bad80953292edf48a6fe72f722ed81668513112d8b9bd0c7fcea60dca6330d7b0f3b38c9bf67b701d5a0b62c4fa7dfda65138726ed089e80ae2934adea1202e4045cc868c199af60a2514d9adcb60db339a33d89563be8a7ac14eb303446647f90bee7ee425687db547ad29e531f18a2cedb94c684845550b6803ce511cc7a49e2eda4d21e05874bcbd13c42316dc24060424611fb8b8237fef390f46feb5a7263a6f84ac59368011ca8dcbe9294a2b31cbdc412874e349f62778217355103742b86e8dc52821095fa5a5739010d0f0c5886c0071c8dea2213e75b6ec5ced22d9d5553825569acd6a126d390ff233d0b95a1af94741a61024789055e0d5a22ce781a00f3c926da62c5855a615b55fbc1f158b8d782fca351068267b25df60b2ad8465de3ba63fd61ed9e57c41c56f4ca6efc36667f7acaf704922eaea4f0843da9cd6127c8635eb802aabe761066e5545664329f597ab8d1950d7afb6af40c52c5d9fede24ad14f7514e5060c5a368a47a9f186d32c83ebeb225dd995ea90d9b6e2a125a6cded5d7744fb9ac58902cc12560d6f3c409ae834808556fab74491d4cf9d08d077910e0b57d9d35ef6103cb55749154a62ae6d0b44b12093bfed8811e066c96fb4d0359cc117f140201f2299ed93e4751ef85a597e6b9dd43e591aaa106bc3bc5e71c8552a6b188c1bbfa98bbc5999d6f5647d6cf25cc9240fef89027fc715f24cf06301db4214eb87aa0b449491bde927b982b59605e0f80949d0381e0895380d323df1543c6291784da4306b6455323c1d21884a77516ad3de6e046123f3724f7cc8241567ae474e40c5ad7ea7c1f055f0ae7a303c6b0773f27a02d60b85bce38c25ed008059ce8eb5a9166d6078a79f47511e2b22bf794d31e77dfb269d8d5eaca145e68522d413d8372aff65000630b5f8400a8fda3bf5b75301eeec9988d736951d496a33226b92783c0898326c8f021bcf4a0add27b54e1948a3c62d4aa2d063a4a86e9652853a0a75db3cdf11a519db9da08f790e17c4ad51643ac5c4cd83a5076d428ea4b0625f2ece817b7c6481e1b78e39b21731c2e5e3fb4105e31d857637eabe35e27e3b2144eec0ff9ae596e69a7a0cb569fbbeecc3b32256e60a3109385b0995f1c90a1f68a41e7a6e06af637c671b28bf8eab1789859389bbdcf97743e5838753aea487c82f6a7b45286fa130b47b5883f96b28474d8de4646e0c1cf6dfe652206720018f8e5383b587289c9e138ba6292f41533d7c3bac2ed775663b03976474d889d8d741619e852a0e1cea68d16f71ec57b2c40111d1964c1c3612ebf1e0e09a4afcc95518d23124545ff5e4e910d26320bed5dbf68a7d4dde7730a45017375e3f85b33a2aa959de9ecb8602820470f35ef0fd1700e39d0f028110993b54f210d3e7035ec377066fb5b8259cc44d35e952372ebbd751f31d728d49816188b8277e783d3d008b78917a80baf90b41e5dff65d01bbb820b46b1b23b7b27b5ce5792e48da57979775de548a8793e8edc44ad3a42fc477dad8dfdef49dd78f97447f3826d3e31f7a7f104a667990bea7874327b7078f456cb8358b617c72c956d03df4bfbce90b670c2df0b1a2fcb0ee5b6a37681f88239b80e7c519f0ca762d2e66d371be91d16dd83c090db0b255023853469e4a0b44d3edf1e22232521728bdb2b1f5217bd3023786ea96765f56f964d3045dc2d4dad5c5cd5a4150863eb7af881c472c46549e29c4aeec925353c9646945bd80e9c7b807f67fe4b21b356628592a89e06227171442f7429ba073775ab963e5d5eff85c4e4d04c3018fcfe6a8c8619e4fc6ee43e0f53941c7545e894df630b72c035a5b3e48f52f29298f6dc72fea7c284e8ac9d5ce36b8c4472b7964aa267fbd151d6c64f9735bf7ca229d9e36a9f272b14ff43f5ac18682c78996d907651c1224e902880496824127d6a115c2647c95c87ee0424f2c25db893833529f1ac862df4fe1613d27291cbc82a2a75589900c3e0281a2305b31710bf325abd98e6cf7521b9d4ad1b34cf33439b8b0dcdb0ecdb47689fc4d9322e6adaaab1228daf942af50376033a3d1666ca1775084d493dc2658805cee69f854dc3c67e6e0eb49c357e273759f2ad9e039b7c8a1fe421d0ee2885cd216136a5d938aa752701bfe8af233bd5330891a3e8d915401a5a62d3aeec22980a29d0ab7faa09259d987476a36416b81bf6c69e6176b85d78d8be3e146bcb429dd148b31bb3e00512610d783392217d8e84f57520fac2d9a489129de708c23cc1ab1a8e8bc076886e07dc8be4a033301a1d80b17e45041be477fa24922b05193f285417b5c69bc711c1f76284de9234b6d62d3d846d61dac80e7f5100a76b5cfc5c7becd059a56fd8af9a9647408db618134e909009337a4e400624016cc9aad85382ceda1ebc0fbd883e29e03112ecf87af1fa5bff48ad916e897e24e166c5550e546de274afce197fcf42bffb1e97811f85ac2daf96adeca62a9db94c5baaf8e9cdb8c453be01be88c9c2843c6664ec43845bc64cc385a04753d6a5e047b344dc70f699586f62715f378f215c487e6daf3fd80e6a2502a6610a38dbed46b2030ac0ebd49e0dfff1d3b1cddb90eb4ba99b1d696671156698baff139aa40466ac03adaf7c576f6d6fe2e6719d6dcca60c0edb338a8a2b030f88ebd9fac8de4384ae3af5f667d9e37fefe9ba5a38deeaa9921be7b0aca30ec5b8837b4a317cef18226372af3c03ac7c300950a3d66dbbf4311bf88ef93288d978d6c5aa46848362317b7b092977c3f0a0022872919449f34077944b442f183605529ab1ce3636debad8a98ede35719f3ef4b77223f77a98c8a020350c9e2526b3809222e815419c3537956b600a5345d2769fbf732009c52db801fc60dfcccf6f75a409eddb2b3e1f72ee3670fee51350db7ecca8574aee82f3d6c1b1cd78b0bb9cfaf5a96116640d358d9bd5e994105bfe40b60324a0a5b1a9c38751282ce413a49ff5605d0cace040f6a110e63d6757a3af37d679376e3ea69588919789c8d2b6955dbf05d7cfddb95ade94b0c99c83fe8f3d1081f93a4b4d9c6cafc451bc3e2efe25267a7cbcf145369b90b2b66fd331b70e6cae0a730e97836c7216a8368fcef05865122f", 0x0}}, &(0x7f0000000240))
r1 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}})

03:12:31 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

03:12:31 executing program 3:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x40000000000002f, 0x0)

03:12:31 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x177586c)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
lremovexattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000240)=@known='trusted.overlay.impure\x00')
write$P9_RLERROR(r0, 0x0, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

03:12:31 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback})
ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40})
userfaultfd(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380))
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB])
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0))
read$FUSE(r1, &(0x7f00000030c0), 0x1000)
read$FUSE(r1, &(0x7f0000001000), 0x10da)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa)
close(0xffffffffffffffff)
write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3)
dup2(r3, r3)

[  204.901553] audit: type=1400 audit(1545621151.614:31): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=7846 comm="syz-executor1"
[  204.947426] audit: type=1400 audit(1545621151.634:32): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=7846 comm="syz-executor1"
03:12:31 executing program 1:
r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r1 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r1, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070")
write$apparmor_current(r0, &(0x7f0000000080)=@profile={'changeprofile ', '&]proc(\x00'}, 0xf)

03:12:31 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback})
ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40})
userfaultfd(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380))
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB])
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0))
read$FUSE(r1, &(0x7f00000030c0), 0x1000)
read$FUSE(r1, &(0x7f0000001000), 0x10da)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa)
close(0xffffffffffffffff)
write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3)
dup2(r3, r3)

03:12:31 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

03:12:31 executing program 1:
syz_genetlink_get_family_id$ipvs(0x0)
clone(0xc02102000fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x5, &(0x7f0000000040))
seccomp(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x74, 0x0, 0x0, 0xdae6}]})
setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
getsockname(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000, r0})
keyctl$set_timeout(0xf, 0x0, 0x0)

03:12:32 executing program 1:
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)

03:12:32 executing program 1:
syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0)
mknodat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(0x0, 0x0)

03:12:32 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10)
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x263313e)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100)

03:12:33 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000080))
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
io_setup(0x6, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

03:12:33 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000002c0))

03:12:33 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

03:12:33 executing program 1:
r0 = socket$unix(0x1, 0x1, 0x0)
write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
getgid()
listen(r1, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
r2 = accept4$inet(r1, 0x0, 0x0, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
dup3(r2, 0xffffffffffffffff, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f00000001c0), 0x4)

03:12:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300140006000000000000000000000000000000000008000500ac14141a080003000100000f010008"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x14, 0x0, 0x0, 0x0, 0x25dfdbfc}, 0x14}}, 0x0)
setxattr$security_evm(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x204080c8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, &(0x7f0000000140), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:12:34 executing program 4:

[  207.977145] ==================================================================
[  207.984665] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160
[  207.991253] Write of size 832 at addr ffff8881b0f7abc0 by task syz-executor5/7932
[  207.998868] 
[  208.000515] CPU: 0 PID: 7932 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172
[  208.009004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  208.018363] Call Trace:
[  208.020995]  dump_stack+0x244/0x39d
[  208.024638]  ? dump_stack_print_info.cold.1+0x20/0x20
[  208.029832]  ? printk+0xa7/0xcf
[  208.033132]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  208.037913]  print_address_description.cold.4+0x9/0x1ff
[  208.043284]  ? fpstate_init+0x50/0x160
[  208.047181]  kasan_report.cold.5+0x1b/0x39
[  208.051430]  ? fpstate_init+0x50/0x160
[  208.055338]  ? fpstate_init+0x50/0x160
[  208.059242]  check_memory_region+0x13e/0x1b0
[  208.063660]  memset+0x23/0x40
[  208.066777]  fpstate_init+0x50/0x160
[  208.070504]  kvm_arch_vcpu_init+0x3e9/0x870
[  208.074844]  kvm_vcpu_init+0x2fa/0x420
[  208.078761]  ? vcpu_stat_get+0x300/0x300
[  208.082850]  ? kmem_cache_alloc+0x33f/0x730
[  208.087192]  vmx_create_vcpu+0x1b7/0x2695
[  208.091351]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  208.096481]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  208.101099]  ? preempt_schedule+0x4d/0x60
[  208.105273]  ? preempt_schedule_common+0x1f/0xe0
[  208.110039]  ? vmx_exec_control+0x210/0x210
[  208.114414]  ? ___preempt_schedule+0x16/0x18
[  208.118851]  ? kasan_check_write+0x14/0x20
[  208.123090]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  208.128060]  ? wait_for_completion+0x8a0/0x8a0
[  208.132660]  ? print_usage_bug+0xc0/0xc0
[  208.136738]  ? migrate_swap_stop+0x8a0/0x8a0
[  208.141171]  kvm_arch_vcpu_create+0xe5/0x220
[  208.145593]  ? kvm_arch_vcpu_free+0x90/0x90
[  208.149934]  kvm_vm_ioctl+0x526/0x2030
[  208.153871]  ? kvm_unregister_device_ops+0x70/0x70
[  208.158848]  ? mark_held_locks+0x130/0x130
[  208.163112]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  208.168330]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  208.173445]  ? futex_wake+0x304/0x760
[  208.177299]  ? __lock_acquire+0x62f/0x4c20
[  208.181562]  ? mark_held_locks+0x130/0x130
[  208.185809]  ? graph_lock+0x270/0x270
[  208.189623]  ? do_futex+0x249/0x26d0
[  208.193348]  ? rcu_read_unlock_special+0x370/0x370
[  208.198310]  ? rcu_softirq_qs+0x20/0x20
[  208.202297]  ? unwind_dump+0x190/0x190
[  208.206207]  ? find_held_lock+0x36/0x1c0
[  208.210326]  ? __fget+0x4aa/0x740
[  208.213795]  ? lock_downgrade+0x900/0x900
[  208.217967]  ? check_preemption_disabled+0x48/0x280
[  208.223023]  ? kasan_check_read+0x11/0x20
[  208.227204]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  208.232495]  ? rcu_read_unlock_special+0x370/0x370
[  208.237445]  ? __fget+0x4d1/0x740
[  208.240915]  ? ksys_dup3+0x680/0x680
[  208.244648]  ? __might_fault+0x12b/0x1e0
[  208.248725]  ? lock_downgrade+0x900/0x900
[  208.252887]  ? lock_release+0xa00/0xa00
[  208.256871]  ? perf_trace_sched_process_exec+0x860/0x860
[  208.262335]  ? kvm_unregister_device_ops+0x70/0x70
[  208.267275]  do_vfs_ioctl+0x1de/0x1790
[  208.271179]  ? ioctl_preallocate+0x300/0x300
[  208.275613]  ? __fget_light+0x2e9/0x430
[  208.279596]  ? fget_raw+0x20/0x20
[  208.283059]  ? _copy_to_user+0xc8/0x110
[  208.287048]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  208.292593]  ? put_timespec64+0x10f/0x1b0
[  208.296751]  ? nsecs_to_jiffies+0x30/0x30
[  208.300915]  ? do_syscall_64+0x9a/0x820
[  208.304898]  ? do_syscall_64+0x9a/0x820
[  208.308886]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  208.313516]  ? security_file_ioctl+0x94/0xc0
[  208.317954]  ksys_ioctl+0xa9/0xd0
[  208.321428]  __x64_sys_ioctl+0x73/0xb0
[  208.325330]  do_syscall_64+0x1b9/0x820
[  208.329528]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  208.334915]  ? syscall_return_slowpath+0x5e0/0x5e0
[  208.339857]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  208.344749]  ? trace_hardirqs_on_caller+0x310/0x310
[  208.349775]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  208.354808]  ? prepare_exit_to_usermode+0x291/0x3b0
[  208.359869]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  208.364756]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  208.369943] RIP: 0033:0x457669
[  208.373130] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  208.392016] RSP: 002b:00007f0ce7382c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  208.399710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  208.406966] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  208.414222] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  208.421477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ce73836d4
[  208.428728] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff
[  208.436008] 
[  208.437619] Allocated by task 7932:
[  208.441236]  save_stack+0x43/0xd0
[  208.444670]  kasan_kmalloc+0xcb/0xd0
[  208.448365]  kasan_slab_alloc+0x12/0x20
[  208.452328]  kmem_cache_alloc+0x130/0x730
[  208.456458]  vmx_create_vcpu+0x110/0x2695
[  208.460588]  kvm_arch_vcpu_create+0xe5/0x220
[  208.464977]  kvm_vm_ioctl+0x526/0x2030
[  208.468846]  do_vfs_ioctl+0x1de/0x1790
[  208.472716]  ksys_ioctl+0xa9/0xd0
[  208.476155]  __x64_sys_ioctl+0x73/0xb0
[  208.480026]  do_syscall_64+0x1b9/0x820
[  208.483912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  208.489093] 
[  208.490710] Freed by task 0:
[  208.493705] (stack is not available)
[  208.497397] 
[  208.499024] The buggy address belongs to the object at ffff8881b0f7ab80
[  208.499024]  which belongs to the cache x86_fpu of size 832
[  208.511318] The buggy address is located 64 bytes inside of
[  208.511318]  832-byte region [ffff8881b0f7ab80, ffff8881b0f7aec0)
[  208.523086] The buggy address belongs to the page:
[  208.527998] page:ffffea0006c3de80 count:1 mapcount:0 mapping:ffff8881d50d5040 index:0x0
[  208.536137] flags: 0x2fffc0000000200(slab)
[  208.540371] raw: 02fffc0000000200 ffff8881d485e348 ffff8881d485e348 ffff8881d50d5040
[  208.548238] raw: 0000000000000000 ffff8881b0f7a040 0000000100000004 0000000000000000
[  208.556097] page dumped because: kasan: bad access detected
[  208.561788] 
[  208.563475] Memory state around the buggy address:
[  208.568391]  ffff8881b0f7ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
03:12:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
clone(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000080))

03:12:35 executing program 0:

03:12:35 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

03:12:35 executing program 1:

03:12:35 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x3f, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280))
close(r0)

03:12:35 executing program 1:

[  208.575734]  ffff8881b0f7ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  208.583075] >ffff8881b0f7ae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  208.590414]                                            ^
[  208.595854]  ffff8881b0f7af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  208.603207]  ffff8881b0f7af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  208.610545] ==================================================================
[  208.617881] Disabling lock debugging due to kernel taint
[  208.670866] Kernel panic - not syncing: panic_on_warn set ...
[  208.676790] CPU: 0 PID: 7932 Comm: syz-executor5 Tainted: G    B             4.20.0-rc6-next-20181217+ #172
[  208.686669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  208.696202] Call Trace:
[  208.698378] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.698803]  dump_stack+0x244/0x39d
[  208.698821]  ? dump_stack_print_info.cold.1+0x20/0x20
[  208.698846]  ? fpstate_init+0x30/0x160
[  208.709913] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  208.713871]  panic+0x2ad/0x632
[  208.713888]  ? add_taint.cold.5+0x16/0x16
[  208.713906]  ? preempt_schedule+0x4d/0x60
[  208.713927]  ? ___preempt_schedule+0x16/0x18
[  208.742689]  ? trace_hardirqs_on+0xb4/0x310
[  208.747027]  ? fpstate_init+0x50/0x160
[  208.749569] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.750920]  end_report+0x47/0x4f
[  208.750936]  kasan_report.cold.5+0xe/0x39
[  208.750950]  ? fpstate_init+0x50/0x160
[  208.750966]  ? fpstate_init+0x50/0x160
[  208.750988]  check_memory_region+0x13e/0x1b0
[  208.761759] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  208.764810]  memset+0x23/0x40
[  208.764827]  fpstate_init+0x50/0x160
[  208.764843]  kvm_arch_vcpu_init+0x3e9/0x870
[  208.764865]  kvm_vcpu_init+0x2fa/0x420
[  208.780595] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.786058]  ? vcpu_stat_get+0x300/0x300
[  208.786076]  ? kmem_cache_alloc+0x33f/0x730
[  208.786096]  vmx_create_vcpu+0x1b7/0x2695
[  208.796647] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  208.797244]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  208.827833] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.828838]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  208.828855]  ? preempt_schedule+0x4d/0x60
[  208.828880]  ? preempt_schedule_common+0x1f/0xe0
[  208.853483] kobject: 'loop3' (0000000045817152): kobject_uevent_env
[  208.853663]  ? vmx_exec_control+0x210/0x210
[  208.861269] kobject: 'loop3' (0000000045817152): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  208.864373]  ? ___preempt_schedule+0x16/0x18
[  208.864403]  ? kasan_check_write+0x14/0x20
[  208.882461]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  208.887407]  ? wait_for_completion+0x8a0/0x8a0
[  208.891963] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  208.892186]  ? print_usage_bug+0xc0/0xc0
[  208.905246]  ? migrate_swap_stop+0x8a0/0x8a0
[  208.908495] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.909669]  kvm_arch_vcpu_create+0xe5/0x220
[  208.909683]  ? kvm_arch_vcpu_free+0x90/0x90
[  208.909705]  kvm_vm_ioctl+0x526/0x2030
[  208.909726]  ? kvm_unregister_device_ops+0x70/0x70
[  208.917208] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  208.920385]  ? mark_held_locks+0x130/0x130
[  208.920404]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  208.920425]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  208.957041]  ? futex_wake+0x304/0x760
[  208.960862]  ? __lock_acquire+0x62f/0x4c20
[  208.965114]  ? mark_held_locks+0x130/0x130
[  208.969377]  ? graph_lock+0x270/0x270
[  208.973207]  ? do_futex+0x249/0x26d0
[  208.974665] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env
[  208.976935]  ? rcu_read_unlock_special+0x370/0x370
[  208.976950]  ? rcu_softirq_qs+0x20/0x20
[  208.976964]  ? unwind_dump+0x190/0x190
[  208.976984]  ? find_held_lock+0x36/0x1c0
[  209.000074]  ? __fget+0x4aa/0x740
[  209.003546]  ? lock_downgrade+0x900/0x900
[  209.007703]  ? check_preemption_disabled+0x48/0x280
[  209.007964] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  209.012726]  ? kasan_check_read+0x11/0x20
[  209.012743]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  209.012758]  ? rcu_read_unlock_special+0x370/0x370
[  209.012797]  ? __fget+0x4d1/0x740
[  209.039615]  ? ksys_dup3+0x680/0x680
[  209.043340]  ? __might_fault+0x12b/0x1e0
[  209.047434]  ? lock_downgrade+0x900/0x900
[  209.051589]  ? lock_release+0xa00/0xa00
[  209.055573]  ? perf_trace_sched_process_exec+0x860/0x860
[  209.061031]  ? kvm_unregister_device_ops+0x70/0x70
[  209.065966]  do_vfs_ioctl+0x1de/0x1790
[  209.069864]  ? ioctl_preallocate+0x300/0x300
[  209.074297]  ? __fget_light+0x2e9/0x430
[  209.076140] kobject: 'loop3' (0000000045817152): kobject_uevent_env
[  209.078314]  ? fget_raw+0x20/0x20
[  209.088180]  ? _copy_to_user+0xc8/0x110
[  209.092179]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  209.097722]  ? put_timespec64+0x10f/0x1b0
[  209.100965] kobject: 'loop3' (0000000045817152): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  209.101880]  ? nsecs_to_jiffies+0x30/0x30
[  209.115476]  ? do_syscall_64+0x9a/0x820
[  209.119467]  ? do_syscall_64+0x9a/0x820
[  209.123451]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  209.128047]  ? security_file_ioctl+0x94/0xc0
[  209.132500]  ksys_ioctl+0xa9/0xd0
[  209.135980]  __x64_sys_ioctl+0x73/0xb0
[  209.139878]  do_syscall_64+0x1b9/0x820
[  209.143782]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  209.149160]  ? syscall_return_slowpath+0x5e0/0x5e0
[  209.154097]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  209.158998]  ? trace_hardirqs_on_caller+0x310/0x310
[  209.164022]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  209.169044]  ? prepare_exit_to_usermode+0x291/0x3b0
[  209.174071]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  209.178948]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.184151] RIP: 0033:0x457669
[  209.187232] kobject: 'loop0' (00000000fc20fee9): kobject_uevent_env
[  209.187355] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.197999] kobject: 'loop0' (00000000fc20fee9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  209.212636] RSP: 002b:00007f0ce7382c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  209.212651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  209.212659] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  209.212668] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  209.212676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ce73836d4
[  209.212691] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff
[  209.242580] kobject: 'loop2' (000000004de143cb): kobject_uevent_env
[  209.245338] Kernel Offset: disabled
[  209.277085] Rebooting in 86400 seconds..